Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-66293 (GCVE-0-2025-66293)
Vulnerability from cvelistv5 – Published: 2025-12-03 20:33 – Updated: 2025-12-04 01:31
VLAI?
EPSS
Title
LIBPNG has an out-of-bounds read in png_image_read_composite
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
Severity ?
7.1 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66293",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T20:52:13.771582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T20:55:03.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/issues/764"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-12-04T01:31:47.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/03/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/03/7"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/12/03/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.52"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T20:33:57.086Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
},
{
"name": "https://github.com/pnggroup/libpng/issues/764",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"name": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"name": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
}
],
"source": {
"advisory": "GHSA-9mpm-9pxh-mg4f",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has an out-of-bounds read in png_image_read_composite"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66293",
"datePublished": "2025-12-03T20:33:57.086Z",
"dateReserved": "2025-11-26T23:11:46.392Z",
"dateUpdated": "2025-12-04T01:31:47.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-66293\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-12-03T21:15:53.060\",\"lastModified\":\"2025-12-16T19:12:50.350\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.6.52\",\"matchCriteriaId\":\"98FBE7B9-73DC-483B-87E8-5229792557C3\"}]}]}],\"references\":[{\"url\":\"https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pnggroup/libpng/issues/764\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/12/03/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/12/03/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/12/03/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://github.com/pnggroup/libpng/issues/764\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/12/03/6\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-12-03T23:03:19.452Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-66293\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-03T20:52:13.771582Z\"}}}], \"references\": [{\"url\": \"https://github.com/pnggroup/libpng/issues/764\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-03T20:52:17.191Z\"}}], \"cna\": {\"title\": \"LIBPNG has an out-of-bounds read in png_image_read_composite\", \"source\": {\"advisory\": \"GHSA-9mpm-9pxh-mg4f\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"pnggroup\", \"product\": \"libpng\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.6.52\"}]}], \"references\": [{\"url\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f\", \"name\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pnggroup/libpng/issues/764\", \"name\": \"https://github.com/pnggroup/libpng/issues/764\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1\", \"name\": \"https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a\", \"name\": \"https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125: Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-12-03T20:33:57.086Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-66293\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-03T23:03:19.452Z\", \"dateReserved\": \"2025-11-26T23:11:46.392Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-12-03T20:33:57.086Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:2072
Vulnerability from csaf_redhat - Published: 2026-02-11 04:49 - Updated: 2026-02-11 07:22Summary
Red Hat Security Advisory: OpenShift Container Platform 4.18.33 bug fix and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.18.33 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.18.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.18.33. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2026:2071
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/
Security Fix(es):
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
* glib: Integer overflow in in g_escape_uri_string() (CVE-2025-13601)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.18.33 is now available with updates to packages and images that fix several bugs and add enhancements. \n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.18.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.18.33. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2026:2071\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n* glib: Integer overflow in in g_escape_uri_string() (CVE-2025-13601)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2072",
"url": "https://access.redhat.com/errata/RHSA-2026:2072"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416741"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2072.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.18.33 bug fix and security update",
"tracking": {
"current_release_date": "2026-02-11T07:22:32+00:00",
"generator": {
"date": "2026-02-11T07:22:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2072",
"initial_release_date": "2026-02-11T04:49:09+00:00",
"revision_history": [
{
"date": "2026-02-11T04:49:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T04:49:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T07:22:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.18",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-418.94.202602022246-0",
"product": {
"name": "rhcos-aarch64-418.94.202602022246-0",
"product_id": "rhcos-aarch64-418.94.202602022246-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202602022246?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-418.94.202602022246-0",
"product": {
"name": "rhcos-ppc64le-418.94.202602022246-0",
"product_id": "rhcos-ppc64le-418.94.202602022246-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202602022246?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-418.94.202602022246-0",
"product": {
"name": "rhcos-s390x-418.94.202602022246-0",
"product_id": "rhcos-s390x-418.94.202602022246-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202602022246?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-418.94.202602022246-0",
"product": {
"name": "rhcos-x86_64-418.94.202602022246-0",
"product_id": "rhcos-x86_64-418.94.202602022246-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202602022246?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-418.94.202602022246-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0"
},
"product_reference": "rhcos-aarch64-418.94.202602022246-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-418.94.202602022246-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0"
},
"product_reference": "rhcos-ppc64le-418.94.202602022246-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-418.94.202602022246-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0"
},
"product_reference": "rhcos-s390x-418.94.202602022246-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-418.94.202602022246-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
},
"product_reference": "rhcos-x86_64-418.94.202602022246-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13601",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-11-24T12:49:28.274000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416741"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glib: Integer overflow in in g_escape_uri_string()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13601"
},
{
"category": "external",
"summary": "RHBZ#2416741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/issues/3827",
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3827"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914",
"url": "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914"
}
],
"release_date": "2025-11-24T13:00:15.295000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T04:49:09+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is {x864_DIGEST}\n\n (For s390x architecture)\n The image digest is {s390x_DIGEST}\n\n (For ppc64le architecture)\n The image digest is {ppc64le_DIGEST}\n\n (For aarch64 architecture)\n The image digest is {aarch64_DIGEST}\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2072"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glib: Integer overflow in in g_escape_uri_string()"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T04:49:09+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is {x864_DIGEST}\n\n (For s390x architecture)\n The image digest is {s390x_DIGEST}\n\n (For ppc64le architecture)\n The image digest is {ppc64le_DIGEST}\n\n (For aarch64 architecture)\n The image digest is {aarch64_DIGEST}\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2072"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T04:49:09+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is {x864_DIGEST}\n\n (For s390x architecture)\n The image digest is {s390x_DIGEST}\n\n (For ppc64le architecture)\n The image digest is {ppc64le_DIGEST}\n\n (For aarch64 architecture)\n The image digest is {aarch64_DIGEST}\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2072"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202602022246-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202602022246-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0125
Vulnerability from csaf_redhat - Published: 2026-01-06 11:25 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: mingw-libpng security update
Notes
Topic
An update for mingw-libpng is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
MinGW Windows Libpng library.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for mingw-libpng is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "MinGW Windows Libpng library.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0125",
"url": "https://access.redhat.com/errata/RHSA-2026:0125"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0125.json"
}
],
"title": "Red Hat Security Advisory: mingw-libpng security update",
"tracking": {
"current_release_date": "2026-02-11T04:49:26+00:00",
"generator": {
"date": "2026-02-11T04:49:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0125",
"initial_release_date": "2026-01-06T11:25:54+00:00",
"revision_history": [
{
"date": "2026-01-06T11:25:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-06T11:25:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "mingw-libpng-0:1.6.34-1.el8_10.src",
"product": {
"name": "mingw-libpng-0:1.6.34-1.el8_10.src",
"product_id": "mingw-libpng-0:1.6.34-1.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw-libpng@1.6.34-1.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"product": {
"name": "mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"product_id": "mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-libpng@1.6.34-1.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"product": {
"name": "mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"product_id": "mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-libpng-static@1.6.34-1.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"product": {
"name": "mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"product_id": "mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw64-libpng@1.6.34-1.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw64-libpng-static-0:1.6.34-1.el8_10.noarch",
"product": {
"name": "mingw64-libpng-static-0:1.6.34-1.el8_10.noarch",
"product_id": "mingw64-libpng-static-0:1.6.34-1.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw64-libpng-static@1.6.34-1.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"product": {
"name": "mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"product_id": "mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-libpng-debuginfo@1.6.34-1.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"product": {
"name": "mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"product_id": "mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw64-libpng-debuginfo@1.6.34-1.el8_10?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw-libpng-0:1.6.34-1.el8_10.src as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src"
},
"product_reference": "mingw-libpng-0:1.6.34-1.el8_10.src",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libpng-0:1.6.34-1.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch"
},
"product_reference": "mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch"
},
"product_reference": "mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libpng-static-0:1.6.34-1.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch"
},
"product_reference": "mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw64-libpng-0:1.6.34-1.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch"
},
"product_reference": "mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch"
},
"product_reference": "mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw64-libpng-static-0:1.6.34-1.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
},
"product_reference": "mingw64-libpng-static-0:1.6.34-1.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-06T11:25:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-06T11:25:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-06T11:25:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0414
Vulnerability from csaf_redhat - Published: 2026-01-08 22:34 - Updated: 2026-02-11 08:52Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Notes
Topic
A Subscription Management tool for finding and reporting Red Hat product usage
Details
Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,
identifies, and reports environment data, or facts, such as the number of physical and virtual
systems on a network, their operating systems, and relevant configuration data stored within
them. Discovery also identifies and reports more detailed facts for some versions of key
Red Hat packages and products that it finds in the network.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0414",
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-5642",
"url": "https://access.redhat.com/security/cve/CVE-2024-5642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-45582",
"url": "https://access.redhat.com/security/cve/CVE-2025-45582"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4598",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59682",
"url": "https://access.redhat.com/security/cve/CVE-2025-59682"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6069",
"url": "https://access.redhat.com/security/cve/CVE-2025-6069"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6075",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61984",
"url": "https://access.redhat.com/security/cve/CVE-2025-61984"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61985",
"url": "https://access.redhat.com/security/cve/CVE-2025-61985"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64460",
"url": "https://access.redhat.com/security/cve/CVE-2025-64460"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64720",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65018",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66293",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8291",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0414.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-02-11T08:52:18+00:00",
"generator": {
"date": "2026-02-11T08:52:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0414",
"initial_release_date": "2026-01-08T22:34:17+00:00",
"revision_history": [
{
"date": "2026-01-08T22:34:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T22:34:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T08:52:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Ad4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767888970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767904573"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767888970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767904573"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-5642",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2294682"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Python/CPython that does not disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with a Low severity due to NPN not being widely used and specifying an empty list is likely uncommon in practice. Typically, a protocol name would be configured.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-5642"
},
{
"category": "external",
"summary": "RHBZ#2294682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"
}
],
"release_date": "2024-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used"
},
{
"cve": "CVE-2025-4598",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"discovery_date": "2025-05-29T19:04:54.578000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369242"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was rated as having a severity of Moderate due to the complexity to exploit this flaw. The attacker needs to setup a way to win the race condition and have an unprivileged local account to successfully exploit this vulnerability.\n\nBy default Red Hat Enterprise Linux 8 doesn\u0027t allow systemd-coredump to create dumps of SUID programs as the /proc/sys/fs/suid_dumpable is set to 0, disabling by default this capability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "RHBZ#2369242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/29/3",
"url": "https://www.openwall.com/lists/oss-security/2025/05/29/3"
}
],
"release_date": "2025-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "This issue can be mitigated by disabling the capability of the system to generate a coredump for SUID binaries. The perform that, the following command can be ran as `root` user:\n\n~~~\necho 0 \u003e /proc/sys/fs/suid_dumpable\n~~~\n\nWhile this mitigates this vulnerability while it\u0027s not possible to update the systemd package, it disables the capability of analyzing crashes for such binaries.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump"
},
{
"cve": "CVE-2025-6069",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2025-06-17T14:00:45.339399+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373234"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service (DoS) vulnerability has been discovered in Python\u0027s html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Python HTMLParser quadratic complexity",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6069"
},
{
"category": "external",
"summary": "RHBZ#2373234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949",
"url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41",
"url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b",
"url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135462",
"url": "https://github.com/python/cpython/issues/135462"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135464",
"url": "https://github.com/python/cpython/pull/135464"
}
],
"release_date": "2025-06-17T13:39:46.058000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Python HTMLParser quadratic complexity"
},
{
"cve": "CVE-2025-6075",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-31T17:01:47.052517+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408891"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in Python\u2019s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Quadratic complexity in os.path.expandvars() with user-controlled template",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low rather than Moderate because it only causes a performance inefficiency without affecting code execution, data integrity, or confidentiality. The flaw lies in the algorithmic complexity of os.path.expandvars(), which can become quadratic when processing crafted input containing repetitive or nested environment variable references. Exploitation requires the attacker to control the input string passed to this function, which is uncommon in secure applications. Moreover, the impact is limited to increased CPU utilization and potential slowdown, not system compromise or data manipulation. Since the issue does not introduce memory corruption, privilege escalation, or information disclosure risks, its overall impact scope and exploitability are minimal, justifying a Low severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "RHBZ#2408891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/136065",
"url": "https://github.com/python/cpython/issues/136065"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
}
],
"release_date": "2025-10-31T16:41:34.983000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python: Quadratic complexity in os.path.expandvars() with user-controlled template"
},
{
"cve": "CVE-2025-8291",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-10-07T19:01:23.599055+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402342"
}
],
"notes": [
{
"category": "description",
"text": "The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the \u0027zipfile\u0027 module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "RHBZ#2402342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267",
"url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6",
"url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/139700",
"url": "https://github.com/python/cpython/issues/139700"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/139702",
"url": "https://github.com/python/cpython/pull/139702"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
}
],
"release_date": "2025-10-07T18:10:05.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-45582",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2025-07-11T17:00:47.340822+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379592"
}
],
"notes": [
{
"category": "description",
"text": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the \u2018--keep-old-files\u2019 (\u2018-k\u2019), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar: Tar path traversal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-45582"
},
{
"category": "external",
"summary": "RHBZ#2379592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379592"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582"
},
{
"category": "external",
"summary": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md",
"url": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md"
},
{
"category": "external",
"summary": "https://www.gnu.org/software/tar/",
"url": "https://www.gnu.org/software/tar/"
},
{
"category": "external",
"summary": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity",
"url": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity"
}
],
"release_date": "2025-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tar: Tar path traversal"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classify as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74",
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/1018",
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1034",
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/439133977",
"url": "https://issues.oss-fuzz.com/issues/439133977"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-59682",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-09-30T13:18:31.746000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2400450"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the \"startapp --template\" and \"startproject --template\" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "django: Potential partial directory-traversal via archive.extract()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59682"
},
{
"category": "external",
"summary": "RHBZ#2400450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59682"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682"
}
],
"release_date": "2025-10-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "django: Potential partial directory-traversal via archive.extract()"
},
{
"cve": "CVE-2025-61984",
"cwe": {
"id": "CWE-159",
"name": "Improper Handling of Invalid Use of Special Elements"
},
"discovery_date": "2025-10-06T19:01:13.449665+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401960"
}
],
"notes": [
{
"category": "description",
"text": "ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nThe issue occurs only when a ProxyCommand is configured and the SSH client handles a username containing control characters from an untrusted source, such as script-generated input or expanded configuration values.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61984"
},
{
"category": "external",
"summary": "RHBZ#2401960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984"
},
{
"category": "external",
"summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"category": "external",
"summary": "https://www.openssh.com/releasenotes.html#10.1p1",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
}
],
"release_date": "2025-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand"
},
{
"cve": "CVE-2025-61985",
"cwe": {
"id": "CWE-158",
"name": "Improper Neutralization of Null Byte or NUL Character"
},
"discovery_date": "2025-10-06T19:01:16.841946+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401962"
}
],
"notes": [
{
"category": "description",
"text": "ssh in OpenSSH before 10.1 allows the \u0027\\0\u0027 character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nExploiting this vulnerability would require a specific configuration where ProxyCommand is enabled and the SSH client processes an untrusted ssh:// URI containing null bytes. Under these conditions, the command parser may misinterpret the URI and execute unintended shell commands.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61985"
},
{
"category": "external",
"summary": "RHBZ#2401962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985"
},
{
"category": "external",
"summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"category": "external",
"summary": "https://www.openssh.com/releasenotes.html#10.1p1",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
}
],
"release_date": "2025-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand"
},
{
"cve": "CVE-2025-64460",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-12-02T16:01:05.300335+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. This vulnerability allows a remote attacker to cause a potential denial-of-service (DoS) attack triggering Central Processing Unit (CPU) and memory exhaustion via specially crafted Extensible Markup Language (XML) input processed by the XML Deserializer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that process XML input using Django\u0027s XML Deserializer, including Red Hat Ansible Automation Platform, Red Hat OpenStack Platform, and OpenShift Service Mesh. A remote attacker can exploit this flaw by providing specially crafted XML, leading to a denial-of-service due to CPU and memory exhaustion.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64460"
},
{
"category": "external",
"summary": "RHBZ#2418366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64460"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/",
"url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/"
}
],
"release_date": "2025-12-02T15:15:34.451000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service"
},
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
}
]
}
RHSA-2026:0241
Vulnerability from csaf_redhat - Published: 2026-01-07 14:21 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: libpng security update
Notes
Topic
An update for libpng is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0241",
"url": "https://access.redhat.com/errata/RHSA-2026:0241"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0241.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-02-11T04:49:36+00:00",
"generator": {
"date": "2026-02-11T04:49:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0241",
"initial_release_date": "2026-01-07T14:21:46+00:00",
"revision_history": [
{
"date": "2026-01-07T14:21:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T14:21:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-9.el8_10.src",
"product": {
"name": "libpng-2:1.6.34-9.el8_10.src",
"product_id": "libpng-2:1.6.34-9.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-9.el8_10?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-9.el8_10.aarch64",
"product": {
"name": "libpng-2:1.6.34-9.el8_10.aarch64",
"product_id": "libpng-2:1.6.34-9.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-9.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-9.el8_10.aarch64",
"product": {
"name": "libpng-devel-2:1.6.34-9.el8_10.aarch64",
"product_id": "libpng-devel-2:1.6.34-9.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-9.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"product_id": "libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-9.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product_id": "libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-9.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-9.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-9.el8_10?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-9.el8_10.ppc64le",
"product": {
"name": "libpng-2:1.6.34-9.el8_10.ppc64le",
"product_id": "libpng-2:1.6.34-9.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-9.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"product_id": "libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-9.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"product_id": "libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-9.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-9.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-9.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-9.el8_10?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-9.el8_10.i686",
"product": {
"name": "libpng-2:1.6.34-9.el8_10.i686",
"product_id": "libpng-2:1.6.34-9.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-9.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-9.el8_10.i686",
"product": {
"name": "libpng-devel-2:1.6.34-9.el8_10.i686",
"product_id": "libpng-devel-2:1.6.34-9.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-9.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-9.el8_10.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.i686",
"product_id": "libpng-debugsource-2:1.6.34-9.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-9.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"product_id": "libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-9.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-9.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-9.el8_10?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-9.el8_10.x86_64",
"product": {
"name": "libpng-2:1.6.34-9.el8_10.x86_64",
"product_id": "libpng-2:1.6.34-9.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-9.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-9.el8_10.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-9.el8_10.x86_64",
"product_id": "libpng-devel-2:1.6.34-9.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-9.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-9.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-9.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-9.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-9.el8_10?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-9.el8_10.s390x",
"product": {
"name": "libpng-2:1.6.34-9.el8_10.s390x",
"product_id": "libpng-2:1.6.34-9.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-9.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-9.el8_10.s390x",
"product": {
"name": "libpng-devel-2:1.6.34-9.el8_10.s390x",
"product_id": "libpng-devel-2:1.6.34-9.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-9.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"product_id": "libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-9.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"product_id": "libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-9.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-9.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-9.el8_10?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-9.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64"
},
"product_reference": "libpng-2:1.6.34-9.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-9.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686"
},
"product_reference": "libpng-2:1.6.34-9.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-9.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le"
},
"product_reference": "libpng-2:1.6.34-9.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-9.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x"
},
"product_reference": "libpng-2:1.6.34-9.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-9.el8_10.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src"
},
"product_reference": "libpng-2:1.6.34-9.el8_10.src",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-9.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64"
},
"product_reference": "libpng-2:1.6.34-9.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-9.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-9.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64"
},
"product_reference": "libpng-devel-2:1.6.34-9.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-9.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686"
},
"product_reference": "libpng-devel-2:1.6.34-9.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-9.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-9.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x"
},
"product_reference": "libpng-devel-2:1.6.34-9.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-9.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-9.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T14:21:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0241"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T14:21:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0241"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T14:21:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0241"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0237
Vulnerability from csaf_redhat - Published: 2026-01-07 13:29 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: libpng security update
Notes
Topic
An update for libpng is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0237",
"url": "https://access.redhat.com/errata/RHSA-2026:0237"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0237.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-02-11T04:49:35+00:00",
"generator": {
"date": "2026-02-11T04:49:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0237",
"initial_release_date": "2026-01-07T13:29:16+00:00",
"revision_history": [
{
"date": "2026-01-07T13:29:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T13:29:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_1.1.s390x",
"product": {
"name": "libpng-2:1.6.40-8.el10_1.1.s390x",
"product_id": "libpng-2:1.6.40-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_1.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"product_id": "libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_1.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_1.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_1.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_1.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_1.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"product_id": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_1.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_1.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_1.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_1.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_1.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_1.1.aarch64",
"product": {
"name": "libpng-2:1.6.40-8.el10_1.1.aarch64",
"product_id": "libpng-2:1.6.40-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_1.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"product_id": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_1.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_1.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_1.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_1.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_1.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_1.1.ppc64le",
"product": {
"name": "libpng-2:1.6.40-8.el10_1.1.ppc64le",
"product_id": "libpng-2:1.6.40-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_1.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"product_id": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_1.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_1.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_1.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_1.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_1.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_1.1.x86_64",
"product": {
"name": "libpng-2:1.6.40-8.el10_1.1.x86_64",
"product_id": "libpng-2:1.6.40-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_1.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_1.1.src",
"product": {
"name": "libpng-2:1.6.40-8.el10_1.1.src",
"product_id": "libpng-2:1.6.40-8.el10_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_1.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.src",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:29:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0237"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:29:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0237"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:29:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0237"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0216
Vulnerability from csaf_redhat - Published: 2026-01-07 11:23 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: libpng security update
Notes
Topic
An update for libpng is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0216",
"url": "https://access.redhat.com/errata/RHSA-2026:0216"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0216.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-02-11T04:49:34+00:00",
"generator": {
"date": "2026-02-11T04:49:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0216",
"initial_release_date": "2026-01-07T11:23:35+00:00",
"revision_history": [
{
"date": "2026-01-07T11:23:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T11:23:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_2.1.ppc64le",
"product": {
"name": "libpng-2:1.6.37-12.el9_2.1.ppc64le",
"product_id": "libpng-2:1.6.37-12.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_2.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_2.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_2.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_2.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_2.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"product_id": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_2.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_2.1.i686",
"product": {
"name": "libpng-2:1.6.37-12.el9_2.1.i686",
"product_id": "libpng-2:1.6.37-12.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_2.1.i686",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.i686",
"product_id": "libpng-devel-2:1.6.37-12.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_2.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_2.1.x86_64",
"product": {
"name": "libpng-2:1.6.37-12.el9_2.1.x86_64",
"product_id": "libpng-2:1.6.37-12.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"product_id": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_2.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_2.1.src",
"product": {
"name": "libpng-2:1.6.37-12.el9_2.1.src",
"product_id": "libpng-2:1.6.37-12.el9_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_2.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_2.1.aarch64",
"product": {
"name": "libpng-2:1.6.37-12.el9_2.1.aarch64",
"product_id": "libpng-2:1.6.37-12.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_2.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_2.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_2.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_2.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_2.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"product_id": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_2.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_2.1.s390x",
"product": {
"name": "libpng-2:1.6.37-12.el9_2.1.s390x",
"product_id": "libpng-2:1.6.37-12.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_2.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"product_id": "libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_2.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_2.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_2.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_2.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_2.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.src",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T11:23:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0216"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T11:23:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0216"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T11:23:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0216"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0210
Vulnerability from csaf_redhat - Published: 2026-01-07 13:02 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: libpng security update
Notes
Topic
An update for libpng is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0210",
"url": "https://access.redhat.com/errata/RHSA-2026:0210"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0210.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-02-11T04:49:31+00:00",
"generator": {
"date": "2026-02-11T04:49:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0210",
"initial_release_date": "2026-01-07T13:02:56+00:00",
"revision_history": [
{
"date": "2026-01-07T13:02:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T13:02:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_6.1.s390x",
"product": {
"name": "libpng-2:1.6.37-12.el9_6.1.s390x",
"product_id": "libpng-2:1.6.37-12.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"product_id": "libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_6.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"product_id": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_6.1.aarch64",
"product": {
"name": "libpng-2:1.6.37-12.el9_6.1.aarch64",
"product_id": "libpng-2:1.6.37-12.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"product_id": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_6.1.ppc64le",
"product": {
"name": "libpng-2:1.6.37-12.el9_6.1.ppc64le",
"product_id": "libpng-2:1.6.37-12.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_6.1.i686",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.i686",
"product_id": "libpng-devel-2:1.6.37-12.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_6.1.i686",
"product": {
"name": "libpng-2:1.6.37-12.el9_6.1.i686",
"product_id": "libpng-2:1.6.37-12.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_6.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"product_id": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_6.1.x86_64",
"product": {
"name": "libpng-2:1.6.37-12.el9_6.1.x86_64",
"product_id": "libpng-2:1.6.37-12.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_6.1.src",
"product": {
"name": "libpng-2:1.6.37-12.el9_6.1.src",
"product_id": "libpng-2:1.6.37-12.el9_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_6.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.src",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:02:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0210"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:02:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0210"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:02:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0210"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0234
Vulnerability from csaf_redhat - Published: 2026-01-07 13:03 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: libpng security update
Notes
Topic
An update for libpng is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0234",
"url": "https://access.redhat.com/errata/RHSA-2026:0234"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0234.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-02-11T04:49:37+00:00",
"generator": {
"date": "2026-02-11T04:49:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0234",
"initial_release_date": "2026-01-07T13:03:31+00:00",
"revision_history": [
{
"date": "2026-01-07T13:03:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T13:03:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.0::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_0.1.src",
"product": {
"name": "libpng-2:1.6.37-12.el9_0.1.src",
"product_id": "libpng-2:1.6.37-12.el9_0.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_0.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_0.1.aarch64",
"product": {
"name": "libpng-2:1.6.37-12.el9_0.1.aarch64",
"product_id": "libpng-2:1.6.37-12.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"product_id": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_0.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_0.1.ppc64le",
"product": {
"name": "libpng-2:1.6.37-12.el9_0.1.ppc64le",
"product_id": "libpng-2:1.6.37-12.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"product_id": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_0.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_0.1.i686",
"product": {
"name": "libpng-2:1.6.37-12.el9_0.1.i686",
"product_id": "libpng-2:1.6.37-12.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_0.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_0.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_0.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_0.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_0.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_0.1.i686",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.i686",
"product_id": "libpng-devel-2:1.6.37-12.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_0.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_0.1.x86_64",
"product": {
"name": "libpng-2:1.6.37-12.el9_0.1.x86_64",
"product_id": "libpng-2:1.6.37-12.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"product_id": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_0.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_0.1.s390x",
"product": {
"name": "libpng-2:1.6.37-12.el9_0.1.s390x",
"product_id": "libpng-2:1.6.37-12.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"product_id": "libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_0.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.src",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:03:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0234"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:03:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0234"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:03:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0234"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0313
Vulnerability from csaf_redhat - Published: 2026-01-08 11:38 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: libpng security update
Notes
Topic
An update for libpng is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0313",
"url": "https://access.redhat.com/errata/RHSA-2026:0313"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0313.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-02-11T04:49:37+00:00",
"generator": {
"date": "2026-02-11T04:49:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0313",
"initial_release_date": "2026-01-08T11:38:59+00:00",
"revision_history": [
{
"date": "2026-01-08T11:38:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T11:38:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.8::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.1.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.1.src",
"product_id": "libpng-2:1.6.34-8.el8_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.1.ppc64le",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.1.ppc64le",
"product_id": "libpng-2:1.6.34-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"product_id": "libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_8.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_8.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_8.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_8.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_8.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.1.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.1.i686",
"product_id": "libpng-2:1.6.34-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_8.1.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_8.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_8.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_8.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_8.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_8.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.1.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.1.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_8.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_8.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_8.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_8.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_8.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:38:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:38:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:38:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0323
Vulnerability from csaf_redhat - Published: 2026-01-08 11:26 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: libpng security update
Notes
Topic
An update for libpng is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0323",
"url": "https://access.redhat.com/errata/RHSA-2026:0323"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0323.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-02-11T04:49:38+00:00",
"generator": {
"date": "2026-02-11T04:49:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0323",
"initial_release_date": "2026-01-08T11:26:24+00:00",
"revision_history": [
{
"date": "2026-01-08T11:26:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T11:26:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_2.1.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_2.1.src",
"product_id": "libpng-2:1.6.34-8.el8_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_2.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_2.1.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_2.1.i686",
"product_id": "libpng-2:1.6.34-8.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_2.1.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_2.1.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_2.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_2.1.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_2.1.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_2.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_2.1.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_2.1.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:26:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0323"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:26:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0323"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:26:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0323"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0212
Vulnerability from csaf_redhat - Published: 2026-01-07 09:24 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: libpng security update
Notes
Topic
An update for libpng is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0212",
"url": "https://access.redhat.com/errata/RHSA-2026:0212"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0212.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-02-11T04:49:32+00:00",
"generator": {
"date": "2026-02-11T04:49:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0212",
"initial_release_date": "2026-01-07T09:24:35+00:00",
"revision_history": [
{
"date": "2026-01-07T09:24:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T09:24:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_0.1.s390x",
"product": {
"name": "libpng-2:1.6.40-8.el10_0.1.s390x",
"product_id": "libpng-2:1.6.40-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"product_id": "libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_0.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"product_id": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_0.1.x86_64",
"product": {
"name": "libpng-2:1.6.40-8.el10_0.1.x86_64",
"product_id": "libpng-2:1.6.40-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_0.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"product_id": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_0.1.aarch64",
"product": {
"name": "libpng-2:1.6.40-8.el10_0.1.aarch64",
"product_id": "libpng-2:1.6.40-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_0.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"product_id": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_0.1.ppc64le",
"product": {
"name": "libpng-2:1.6.40-8.el10_0.1.ppc64le",
"product_id": "libpng-2:1.6.40-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_0.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_0.1.src",
"product": {
"name": "libpng-2:1.6.40-8.el10_0.1.src",
"product_id": "libpng-2:1.6.40-8.el10_0.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_0.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.src",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T09:24:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0212"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T09:24:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0212"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T09:24:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0212"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0321
Vulnerability from csaf_redhat - Published: 2026-01-08 11:29 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: libpng security update
Notes
Topic
An update for libpng is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0321",
"url": "https://access.redhat.com/errata/RHSA-2026:0321"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0321.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-02-11T04:49:37+00:00",
"generator": {
"date": "2026-02-11T04:49:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0321",
"initial_release_date": "2026-01-08T11:29:49+00:00",
"revision_history": [
{
"date": "2026-01-08T11:29:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T11:29:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_4.1.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_4.1.src",
"product_id": "libpng-2:1.6.34-8.el8_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_4.1.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_4.1.i686",
"product_id": "libpng-2:1.6.34-8.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_4.1.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_4.1.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.1.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.1.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.1.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.1.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:29:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0321"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:29:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0321"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:29:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0321"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0322
Vulnerability from csaf_redhat - Published: 2026-01-08 12:09 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: libpng security update
Notes
Topic
An update for libpng is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0322",
"url": "https://access.redhat.com/errata/RHSA-2026:0322"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0322.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-02-11T04:49:39+00:00",
"generator": {
"date": "2026-02-11T04:49:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0322",
"initial_release_date": "2026-01-08T12:09:44+00:00",
"revision_history": [
{
"date": "2026-01-08T12:09:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T12:09:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.1.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.1.src",
"product_id": "libpng-2:1.6.34-8.el8_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.1.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.1.i686",
"product_id": "libpng-2:1.6.34-8.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.1.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.1.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.1.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.1.aarch64",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.1.aarch64",
"product_id": "libpng-2:1.6.34-8.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.1.ppc64le",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.1.ppc64le",
"product_id": "libpng-2:1.6.34-8.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.1.s390x",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.1.s390x",
"product_id": "libpng-2:1.6.34-8.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T12:09:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0322"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T12:09:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0322"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T12:09:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0322"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0238
Vulnerability from csaf_redhat - Published: 2026-01-07 13:43 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: libpng security update
Notes
Topic
An update for libpng is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0238",
"url": "https://access.redhat.com/errata/RHSA-2026:0238"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0238.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-02-11T04:49:36+00:00",
"generator": {
"date": "2026-02-11T04:49:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0238",
"initial_release_date": "2026-01-07T13:43:11+00:00",
"revision_history": [
{
"date": "2026-01-07T13:43:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T13:43:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_7.1.s390x",
"product": {
"name": "libpng-2:1.6.37-12.el9_7.1.s390x",
"product_id": "libpng-2:1.6.37-12.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"product_id": "libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_7.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_7.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_7.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_7.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_7.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"product_id": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_7.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_7.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_7.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_7.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_7.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_7.1.aarch64",
"product": {
"name": "libpng-2:1.6.37-12.el9_7.1.aarch64",
"product_id": "libpng-2:1.6.37-12.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"product_id": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_7.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_7.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_7.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_7.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_7.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_7.1.ppc64le",
"product": {
"name": "libpng-2:1.6.37-12.el9_7.1.ppc64le",
"product_id": "libpng-2:1.6.37-12.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_7.1.i686",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.i686",
"product_id": "libpng-devel-2:1.6.37-12.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_7.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_7.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_7.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_7.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_7.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_7.1.i686",
"product": {
"name": "libpng-2:1.6.37-12.el9_7.1.i686",
"product_id": "libpng-2:1.6.37-12.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"product_id": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_7.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_7.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_7.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_7.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_7.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_7.1.x86_64",
"product": {
"name": "libpng-2:1.6.37-12.el9_7.1.x86_64",
"product_id": "libpng-2:1.6.37-12.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_7.1.src",
"product": {
"name": "libpng-2:1.6.37-12.el9_7.1.src",
"product_id": "libpng-2:1.6.37-12.el9_7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.src",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:43:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0238"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:43:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0238"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:43:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0238"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0211
Vulnerability from csaf_redhat - Published: 2026-01-07 12:57 - Updated: 2026-02-11 04:49Summary
Red Hat Security Advisory: libpng security update
Notes
Topic
An update for libpng is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0211",
"url": "https://access.redhat.com/errata/RHSA-2026:0211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0211.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-02-11T04:49:31+00:00",
"generator": {
"date": "2026-02-11T04:49:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:0211",
"initial_release_date": "2026-01-07T12:57:50+00:00",
"revision_history": [
{
"date": "2026-01-07T12:57:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T12:57:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-11T04:49:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_4.1.s390x",
"product": {
"name": "libpng-2:1.6.37-12.el9_4.1.s390x",
"product_id": "libpng-2:1.6.37-12.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"product_id": "libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_4.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"product_id": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_4.1.aarch64",
"product": {
"name": "libpng-2:1.6.37-12.el9_4.1.aarch64",
"product_id": "libpng-2:1.6.37-12.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"product_id": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_4.1.ppc64le",
"product": {
"name": "libpng-2:1.6.37-12.el9_4.1.ppc64le",
"product_id": "libpng-2:1.6.37-12.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_4.1.i686",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.i686",
"product_id": "libpng-devel-2:1.6.37-12.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_4.1.i686",
"product": {
"name": "libpng-2:1.6.37-12.el9_4.1.i686",
"product_id": "libpng-2:1.6.37-12.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_4.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"product_id": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_4.1.x86_64",
"product": {
"name": "libpng-2:1.6.37-12.el9_4.1.x86_64",
"product_id": "libpng-2:1.6.37-12.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_4.1.src",
"product": {
"name": "libpng-2:1.6.37-12.el9_4.1.src",
"product_id": "libpng-2:1.6.37-12.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_4.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T12:57:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0211"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T12:57:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0211"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T12:57:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0211"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
SUSE-SU-2026:20030-1
Vulnerability from csaf_suse - Published: 2026-01-12 11:15 - Updated: 2026-01-12 11:15Summary
Security update for libpng16
Notes
Title of the patch
Security update for libpng16
Description of the patch
This update for libpng16 fixes the following issues:
- CVE-2025-64505: heap buffer over-read in `png_do_quantize` when processing PNG files malformed palette indices
(bsc#1254157).
- CVE-2025-64506: heap buffer over-read in `png_write_image_8bit` when processing 8-bit input with `convert_to_8bit`
enabled (bsc#1254158).
- CVE-2025-64720: out-of-bounds read in `png_image_read_composite` when processing palette images with
`PNG_FLAG_OPTIMIZE_ALPHA` enabled (bsc#1254159).
- CVE-2025-65018: heap buffer overflow in `png_image_finish_read` when processing specially crafted 16-bit interlaced
PNGs with 8-bit output format (bsc#1254160).
- CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial
transparency and gamma correction (bsc#1254480).
Patchnames
SUSE-SLES-16.0-131
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libpng16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libpng16 fixes the following issues:\n\n- CVE-2025-64505: heap buffer over-read in `png_do_quantize` when processing PNG files malformed palette indices\n (bsc#1254157).\n- CVE-2025-64506: heap buffer over-read in `png_write_image_8bit` when processing 8-bit input with `convert_to_8bit`\n enabled (bsc#1254158).\n- CVE-2025-64720: out-of-bounds read in `png_image_read_composite` when processing palette images with\n `PNG_FLAG_OPTIMIZE_ALPHA` enabled (bsc#1254159).\n- CVE-2025-65018: heap buffer overflow in `png_image_finish_read` when processing specially crafted 16-bit interlaced\n PNGs with 8-bit output format (bsc#1254160).\n- CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial\n transparency and gamma correction (bsc#1254480).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-131",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20030-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20030-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620030-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20030-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023774.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254157",
"url": "https://bugzilla.suse.com/1254157"
},
{
"category": "self",
"summary": "SUSE Bug 1254158",
"url": "https://bugzilla.suse.com/1254158"
},
{
"category": "self",
"summary": "SUSE Bug 1254159",
"url": "https://bugzilla.suse.com/1254159"
},
{
"category": "self",
"summary": "SUSE Bug 1254160",
"url": "https://bugzilla.suse.com/1254160"
},
{
"category": "self",
"summary": "SUSE Bug 1254480",
"url": "https://bugzilla.suse.com/1254480"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64505 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64720 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-65018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-65018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66293/"
}
],
"title": "Security update for libpng16",
"tracking": {
"current_release_date": "2026-01-12T11:15:01Z",
"generator": {
"date": "2026-01-12T11:15:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20030-1",
"initial_release_date": "2026-01-12T11:15:01Z",
"revision_history": [
{
"date": "2026-01-12T11:15:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.3.1.aarch64",
"product": {
"name": "libpng16-16-1.6.44-160000.3.1.aarch64",
"product_id": "libpng16-16-1.6.44-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"product": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"product_id": "libpng16-compat-devel-1.6.44-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.44-160000.3.1.aarch64",
"product": {
"name": "libpng16-devel-1.6.44-160000.3.1.aarch64",
"product_id": "libpng16-devel-1.6.44-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.44-160000.3.1.aarch64",
"product": {
"name": "libpng16-tools-1.6.44-160000.3.1.aarch64",
"product_id": "libpng16-tools-1.6.44-160000.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.3.1.ppc64le",
"product": {
"name": "libpng16-16-1.6.44-160000.3.1.ppc64le",
"product_id": "libpng16-16-1.6.44-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"product_id": "libpng16-compat-devel-1.6.44-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.44-160000.3.1.ppc64le",
"product": {
"name": "libpng16-devel-1.6.44-160000.3.1.ppc64le",
"product_id": "libpng16-devel-1.6.44-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.44-160000.3.1.ppc64le",
"product": {
"name": "libpng16-tools-1.6.44-160000.3.1.ppc64le",
"product_id": "libpng16-tools-1.6.44-160000.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.3.1.s390x",
"product": {
"name": "libpng16-16-1.6.44-160000.3.1.s390x",
"product_id": "libpng16-16-1.6.44-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"product": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"product_id": "libpng16-compat-devel-1.6.44-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.44-160000.3.1.s390x",
"product": {
"name": "libpng16-devel-1.6.44-160000.3.1.s390x",
"product_id": "libpng16-devel-1.6.44-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.44-160000.3.1.s390x",
"product": {
"name": "libpng16-tools-1.6.44-160000.3.1.s390x",
"product_id": "libpng16-tools-1.6.44-160000.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-16-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-16-1.6.44-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-compat-devel-1.6.44-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-devel-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-devel-1.6.44-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-tools-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-tools-1.6.44-160000.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.44-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.44-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.3.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x"
},
"product_reference": "libpng16-devel-1.6.44-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64"
},
"product_reference": "libpng16-tools-1.6.44-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le"
},
"product_reference": "libpng16-tools-1.6.44-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.3.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x"
},
"product_reference": "libpng16-tools-1.6.44-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-tools-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.44-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.44-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.3.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x"
},
"product_reference": "libpng16-devel-1.6.44-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64"
},
"product_reference": "libpng16-tools-1.6.44-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le"
},
"product_reference": "libpng16-tools-1.6.44-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.3.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x"
},
"product_reference": "libpng16-tools-1.6.44-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-tools-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64505"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64505",
"url": "https://www.suse.com/security/cve/CVE-2025-64505"
},
{
"category": "external",
"summary": "SUSE Bug 1254157 for CVE-2025-64505",
"url": "https://bugzilla.suse.com/1254157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:15:01Z",
"details": "moderate"
}
],
"title": "CVE-2025-64505"
},
{
"cve": "CVE-2025-64506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64506"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64506",
"url": "https://www.suse.com/security/cve/CVE-2025-64506"
},
{
"category": "external",
"summary": "SUSE Bug 1254158 for CVE-2025-64506",
"url": "https://bugzilla.suse.com/1254158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:15:01Z",
"details": "moderate"
}
],
"title": "CVE-2025-64506"
},
{
"cve": "CVE-2025-64720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64720"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha x 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64720",
"url": "https://www.suse.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "SUSE Bug 1254159 for CVE-2025-64720",
"url": "https://bugzilla.suse.com/1254159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:15:01Z",
"details": "moderate"
}
],
"title": "CVE-2025-64720"
},
{
"cve": "CVE-2025-65018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-65018"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-65018",
"url": "https://www.suse.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "SUSE Bug 1254160 for CVE-2025-65018",
"url": "https://bugzilla.suse.com/1254160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:15:01Z",
"details": "moderate"
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66293"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66293",
"url": "https://www.suse.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "SUSE Bug 1254480 for CVE-2025-66293",
"url": "https://bugzilla.suse.com/1254480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:15:01Z",
"details": "important"
}
],
"title": "CVE-2025-66293"
}
]
}
SUSE-SU-2025:4436-1
Vulnerability from csaf_suse - Published: 2025-12-17 13:56 - Updated: 2025-12-17 13:56Summary
Security update for libpng16
Notes
Title of the patch
Security update for libpng16
Description of the patch
This update for libpng16 fixes the following issues:
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)
Patchnames
SUSE-2025-4436,SUSE-SLE-Micro-5.3-2025-4436,SUSE-SLE-Micro-5.4-2025-4436,SUSE-SLE-Micro-5.5-2025-4436,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4436,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4436,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4436,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4436,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4436,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4436,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4436,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4436,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4436,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4436,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4436,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-4436,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4436,SUSE-SUSE-MicroOS-5.2-2025-4436,SUSE-Storage-7.1-2025-4436
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libpng16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libpng16 fixes the following issues:\n\n- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)\n- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)\n- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)\n- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)\n- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4436,SUSE-SLE-Micro-5.3-2025-4436,SUSE-SLE-Micro-5.4-2025-4436,SUSE-SLE-Micro-5.5-2025-4436,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4436,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4436,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4436,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4436,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4436,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4436,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4436,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4436,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4436,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4436,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4436,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-4436,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4436,SUSE-SUSE-MicroOS-5.2-2025-4436,SUSE-Storage-7.1-2025-4436",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4436-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4436-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254436-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4436-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023579.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254157",
"url": "https://bugzilla.suse.com/1254157"
},
{
"category": "self",
"summary": "SUSE Bug 1254158",
"url": "https://bugzilla.suse.com/1254158"
},
{
"category": "self",
"summary": "SUSE Bug 1254159",
"url": "https://bugzilla.suse.com/1254159"
},
{
"category": "self",
"summary": "SUSE Bug 1254160",
"url": "https://bugzilla.suse.com/1254160"
},
{
"category": "self",
"summary": "SUSE Bug 1254480",
"url": "https://bugzilla.suse.com/1254480"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64505 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64720 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-65018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-65018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66293/"
}
],
"title": "Security update for libpng16",
"tracking": {
"current_release_date": "2025-12-17T13:56:16Z",
"generator": {
"date": "2025-12-17T13:56:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4436-1",
"initial_release_date": "2025-12-17T13:56:16Z",
"revision_history": [
{
"date": "2025-12-17T13:56:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"product": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"product_id": "libpng16-16-1.6.34-150000.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"product": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"product_id": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"product": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"product_id": "libpng16-devel-1.6.34-150000.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.34-150000.3.12.1.aarch64",
"product": {
"name": "libpng16-tools-1.6.34-150000.3.12.1.aarch64",
"product_id": "libpng16-tools-1.6.34-150000.3.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-64bit-1.6.34-150000.3.12.1.aarch64_ilp32",
"product": {
"name": "libpng16-16-64bit-1.6.34-150000.3.12.1.aarch64_ilp32",
"product_id": "libpng16-16-64bit-1.6.34-150000.3.12.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-64bit-1.6.34-150000.3.12.1.aarch64_ilp32",
"product": {
"name": "libpng16-compat-devel-64bit-1.6.34-150000.3.12.1.aarch64_ilp32",
"product_id": "libpng16-compat-devel-64bit-1.6.34-150000.3.12.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libpng16-devel-64bit-1.6.34-150000.3.12.1.aarch64_ilp32",
"product": {
"name": "libpng16-devel-64bit-1.6.34-150000.3.12.1.aarch64_ilp32",
"product_id": "libpng16-devel-64bit-1.6.34-150000.3.12.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.34-150000.3.12.1.i586",
"product": {
"name": "libpng16-16-1.6.34-150000.3.12.1.i586",
"product_id": "libpng16-16-1.6.34-150000.3.12.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.i586",
"product": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.i586",
"product_id": "libpng16-compat-devel-1.6.34-150000.3.12.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.34-150000.3.12.1.i586",
"product": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.i586",
"product_id": "libpng16-devel-1.6.34-150000.3.12.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.34-150000.3.12.1.i586",
"product": {
"name": "libpng16-tools-1.6.34-150000.3.12.1.i586",
"product_id": "libpng16-tools-1.6.34-150000.3.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"product": {
"name": "libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"product_id": "libpng16-16-1.6.34-150000.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"product_id": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"product": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"product_id": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.34-150000.3.12.1.ppc64le",
"product": {
"name": "libpng16-tools-1.6.34-150000.3.12.1.ppc64le",
"product_id": "libpng16-tools-1.6.34-150000.3.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.34-150000.3.12.1.s390x",
"product": {
"name": "libpng16-16-1.6.34-150000.3.12.1.s390x",
"product_id": "libpng16-16-1.6.34-150000.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"product": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"product_id": "libpng16-compat-devel-1.6.34-150000.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.34-150000.3.12.1.s390x",
"product": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.s390x",
"product_id": "libpng16-devel-1.6.34-150000.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.34-150000.3.12.1.s390x",
"product": {
"name": "libpng16-tools-1.6.34-150000.3.12.1.s390x",
"product_id": "libpng16-tools-1.6.34-150000.3.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"product": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"product_id": "libpng16-16-1.6.34-150000.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"product": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"product_id": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"product": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"product_id": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.34-150000.3.12.1.x86_64",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.34-150000.3.12.1.x86_64",
"product_id": "libpng16-compat-devel-32bit-1.6.34-150000.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"product": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"product_id": "libpng16-devel-1.6.34-150000.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.34-150000.3.12.1.x86_64",
"product": {
"name": "libpng16-devel-32bit-1.6.34-150000.3.12.1.x86_64",
"product_id": "libpng16-devel-32bit-1.6.34-150000.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.34-150000.3.12.1.x86_64",
"product": {
"name": "libpng16-tools-1.6.34-150000.3.12.1.x86_64",
"product_id": "libpng16-tools-1.6.34-150000.3.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy LTS 4.3",
"product": {
"name": "SUSE Manager Proxy LTS 4.3",
"product_id": "SUSE Manager Proxy LTS 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy-lts:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server LTS 4.3",
"product": {
"name": "SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server-lts:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Manager Proxy LTS 4.3",
"product_id": "SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Manager Proxy LTS 4.3",
"product_id": "SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Manager Proxy LTS 4.3",
"product_id": "SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Manager Proxy LTS 4.3",
"product_id": "SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.ppc64le as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.s390x as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.s390x as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.s390x as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Manager Server LTS 4.3",
"product_id": "SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server LTS 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.34-150000.3.12.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.34-150000.3.12.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64505"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64505",
"url": "https://www.suse.com/security/cve/CVE-2025-64505"
},
{
"category": "external",
"summary": "SUSE Bug 1254157 for CVE-2025-64505",
"url": "https://bugzilla.suse.com/1254157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-17T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2025-64505"
},
{
"cve": "CVE-2025-64506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64506"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64506",
"url": "https://www.suse.com/security/cve/CVE-2025-64506"
},
{
"category": "external",
"summary": "SUSE Bug 1254158 for CVE-2025-64506",
"url": "https://bugzilla.suse.com/1254158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-17T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2025-64506"
},
{
"cve": "CVE-2025-64720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64720"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha x 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64720",
"url": "https://www.suse.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "SUSE Bug 1254159 for CVE-2025-64720",
"url": "https://bugzilla.suse.com/1254159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-17T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2025-64720"
},
{
"cve": "CVE-2025-65018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-65018"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-65018",
"url": "https://www.suse.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "SUSE Bug 1254160 for CVE-2025-65018",
"url": "https://bugzilla.suse.com/1254160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-17T13:56:16Z",
"details": "moderate"
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66293"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66293",
"url": "https://www.suse.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "SUSE Bug 1254480 for CVE-2025-66293",
"url": "https://bugzilla.suse.com/1254480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Enterprise Storage 7.1:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Proxy LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-16-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-16-32bit-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-compat-devel-1.6.34-150000.3.12.1.x86_64",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.ppc64le",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.s390x",
"SUSE Manager Server LTS 4.3:libpng16-devel-1.6.34-150000.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-17T13:56:16Z",
"details": "important"
}
],
"title": "CVE-2025-66293"
}
]
}
SUSE-SU-2025:4494-1
Vulnerability from csaf_suse - Published: 2025-12-19 13:14 - Updated: 2025-12-19 13:14Summary
Security update for libpng16
Notes
Title of the patch
Security update for libpng16
Description of the patch
This update for libpng16 fixes the following issues:
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)
Patchnames
SUSE-2025-4494,SUSE-SLE-Module-Basesystem-15-SP6-2025-4494,SUSE-SLE-Module-Basesystem-15-SP7-2025-4494,openSUSE-SLE-15.6-2025-4494
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libpng16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libpng16 fixes the following issues:\n\n- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)\n- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)\n- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)\n- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)\n- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4494,SUSE-SLE-Module-Basesystem-15-SP6-2025-4494,SUSE-SLE-Module-Basesystem-15-SP7-2025-4494,openSUSE-SLE-15.6-2025-4494",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4494-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4494-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254494-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4494-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023633.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254157",
"url": "https://bugzilla.suse.com/1254157"
},
{
"category": "self",
"summary": "SUSE Bug 1254158",
"url": "https://bugzilla.suse.com/1254158"
},
{
"category": "self",
"summary": "SUSE Bug 1254159",
"url": "https://bugzilla.suse.com/1254159"
},
{
"category": "self",
"summary": "SUSE Bug 1254160",
"url": "https://bugzilla.suse.com/1254160"
},
{
"category": "self",
"summary": "SUSE Bug 1254480",
"url": "https://bugzilla.suse.com/1254480"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64505 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64720 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-65018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-65018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66293/"
}
],
"title": "Security update for libpng16",
"tracking": {
"current_release_date": "2025-12-19T13:14:13Z",
"generator": {
"date": "2025-12-19T13:14:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4494-1",
"initial_release_date": "2025-12-19T13:14:13Z",
"revision_history": [
{
"date": "2025-12-19T13:14:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.40-150600.3.3.1.aarch64",
"product": {
"name": "libpng16-16-1.6.40-150600.3.3.1.aarch64",
"product_id": "libpng16-16-1.6.40-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"product": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"product_id": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"product": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"product_id": "libpng16-devel-1.6.40-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"product": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"product_id": "libpng16-tools-1.6.40-150600.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-64bit-1.6.40-150600.3.3.1.aarch64_ilp32",
"product": {
"name": "libpng16-16-64bit-1.6.40-150600.3.3.1.aarch64_ilp32",
"product_id": "libpng16-16-64bit-1.6.40-150600.3.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-64bit-1.6.40-150600.3.3.1.aarch64_ilp32",
"product": {
"name": "libpng16-compat-devel-64bit-1.6.40-150600.3.3.1.aarch64_ilp32",
"product_id": "libpng16-compat-devel-64bit-1.6.40-150600.3.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libpng16-devel-64bit-1.6.40-150600.3.3.1.aarch64_ilp32",
"product": {
"name": "libpng16-devel-64bit-1.6.40-150600.3.3.1.aarch64_ilp32",
"product_id": "libpng16-devel-64bit-1.6.40-150600.3.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.40-150600.3.3.1.i586",
"product": {
"name": "libpng16-16-1.6.40-150600.3.3.1.i586",
"product_id": "libpng16-16-1.6.40-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.i586",
"product": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.i586",
"product_id": "libpng16-compat-devel-1.6.40-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.40-150600.3.3.1.i586",
"product": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.i586",
"product_id": "libpng16-devel-1.6.40-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.40-150600.3.3.1.i586",
"product": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.i586",
"product_id": "libpng16-tools-1.6.40-150600.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"product": {
"name": "libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"product_id": "libpng16-16-1.6.40-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"product_id": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"product": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"product_id": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"product": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"product_id": "libpng16-tools-1.6.40-150600.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.40-150600.3.3.1.s390x",
"product": {
"name": "libpng16-16-1.6.40-150600.3.3.1.s390x",
"product_id": "libpng16-16-1.6.40-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"product": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"product_id": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.40-150600.3.3.1.s390x",
"product": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.s390x",
"product_id": "libpng16-devel-1.6.40-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.40-150600.3.3.1.s390x",
"product": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.s390x",
"product_id": "libpng16-tools-1.6.40-150600.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-16-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-16-1.6.40-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-devel-1.6.40-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-tools-1.6.40-150600.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-tools-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-tools-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64505"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64505",
"url": "https://www.suse.com/security/cve/CVE-2025-64505"
},
{
"category": "external",
"summary": "SUSE Bug 1254157 for CVE-2025-64505",
"url": "https://bugzilla.suse.com/1254157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-19T13:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-64505"
},
{
"cve": "CVE-2025-64506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64506"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64506",
"url": "https://www.suse.com/security/cve/CVE-2025-64506"
},
{
"category": "external",
"summary": "SUSE Bug 1254158 for CVE-2025-64506",
"url": "https://bugzilla.suse.com/1254158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-19T13:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-64506"
},
{
"cve": "CVE-2025-64720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64720"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha x 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64720",
"url": "https://www.suse.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "SUSE Bug 1254159 for CVE-2025-64720",
"url": "https://bugzilla.suse.com/1254159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-19T13:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-64720"
},
{
"cve": "CVE-2025-65018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-65018"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-65018",
"url": "https://www.suse.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "SUSE Bug 1254160 for CVE-2025-65018",
"url": "https://bugzilla.suse.com/1254160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-19T13:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66293"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66293",
"url": "https://www.suse.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "SUSE Bug 1254480 for CVE-2025-66293",
"url": "https://bugzilla.suse.com/1254480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-19T13:14:13Z",
"details": "important"
}
],
"title": "CVE-2025-66293"
}
]
}
SUSE-SU-2025:21217-1
Vulnerability from csaf_suse - Published: 2025-12-16 08:31 - Updated: 2025-12-16 08:31Summary
Security update for libpng16
Notes
Title of the patch
Security update for libpng16
Description of the patch
This update for libpng16 fixes the following issues:
- CVE-2025-66293: Fixed out-of-bounds read in png_image_read_composite (bsc#1254480).
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157).
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158).
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159).
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160).
Patchnames
SUSE-SLE-Micro-6.0-536
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libpng16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libpng16 fixes the following issues:\n\n- CVE-2025-66293: Fixed out-of-bounds read in png_image_read_composite (bsc#1254480).\n- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157).\n- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158).\n- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159).\n- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-536",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21217-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:21217-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521217-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:21217-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023593.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254157",
"url": "https://bugzilla.suse.com/1254157"
},
{
"category": "self",
"summary": "SUSE Bug 1254158",
"url": "https://bugzilla.suse.com/1254158"
},
{
"category": "self",
"summary": "SUSE Bug 1254159",
"url": "https://bugzilla.suse.com/1254159"
},
{
"category": "self",
"summary": "SUSE Bug 1254160",
"url": "https://bugzilla.suse.com/1254160"
},
{
"category": "self",
"summary": "SUSE Bug 1254480",
"url": "https://bugzilla.suse.com/1254480"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64505 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64720 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-65018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-65018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66293/"
}
],
"title": "Security update for libpng16",
"tracking": {
"current_release_date": "2025-12-16T08:31:52Z",
"generator": {
"date": "2025-12-16T08:31:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:21217-1",
"initial_release_date": "2025-12-16T08:31:52Z",
"revision_history": [
{
"date": "2025-12-16T08:31:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.43-2.1.aarch64",
"product": {
"name": "libpng16-16-1.6.43-2.1.aarch64",
"product_id": "libpng16-16-1.6.43-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.43-2.1.s390x",
"product": {
"name": "libpng16-16-1.6.43-2.1.s390x",
"product_id": "libpng16-16-1.6.43-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.43-2.1.x86_64",
"product": {
"name": "libpng16-16-1.6.43-2.1.x86_64",
"product_id": "libpng16-16-1.6.43-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.43-2.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64"
},
"product_reference": "libpng16-16-1.6.43-2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.43-2.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x"
},
"product_reference": "libpng16-16-1.6.43-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.43-2.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
},
"product_reference": "libpng16-16-1.6.43-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64505"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64505",
"url": "https://www.suse.com/security/cve/CVE-2025-64505"
},
{
"category": "external",
"summary": "SUSE Bug 1254157 for CVE-2025-64505",
"url": "https://bugzilla.suse.com/1254157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-16T08:31:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-64505"
},
{
"cve": "CVE-2025-64506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64506"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64506",
"url": "https://www.suse.com/security/cve/CVE-2025-64506"
},
{
"category": "external",
"summary": "SUSE Bug 1254158 for CVE-2025-64506",
"url": "https://bugzilla.suse.com/1254158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-16T08:31:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-64506"
},
{
"cve": "CVE-2025-64720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64720"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha x 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64720",
"url": "https://www.suse.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "SUSE Bug 1254159 for CVE-2025-64720",
"url": "https://bugzilla.suse.com/1254159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-16T08:31:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-64720"
},
{
"cve": "CVE-2025-65018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-65018"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-65018",
"url": "https://www.suse.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "SUSE Bug 1254160 for CVE-2025-65018",
"url": "https://bugzilla.suse.com/1254160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-16T08:31:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66293"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66293",
"url": "https://www.suse.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "SUSE Bug 1254480 for CVE-2025-66293",
"url": "https://bugzilla.suse.com/1254480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.aarch64",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.s390x",
"SUSE Linux Micro 6.0:libpng16-16-1.6.43-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-16T08:31:52Z",
"details": "important"
}
],
"title": "CVE-2025-66293"
}
]
}
SUSE-SU-2026:20073-1
Vulnerability from csaf_suse - Published: 2026-01-12 11:15 - Updated: 2026-01-12 11:15Summary
Security update for libpng16
Notes
Title of the patch
Security update for libpng16
Description of the patch
This update for libpng16 fixes the following issues:
- CVE-2025-64505: heap buffer over-read in `png_do_quantize` when processing PNG files malformed palette indices
(bsc#1254157).
- CVE-2025-64506: heap buffer over-read in `png_write_image_8bit` when processing 8-bit input with `convert_to_8bit`
enabled (bsc#1254158).
- CVE-2025-64720: out-of-bounds read in `png_image_read_composite` when processing palette images with
`PNG_FLAG_OPTIMIZE_ALPHA` enabled (bsc#1254159).
- CVE-2025-65018: heap buffer overflow in `png_image_finish_read` when processing specially crafted 16-bit interlaced
PNGs with 8-bit output format (bsc#1254160).
- CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial
transparency and gamma correction (bsc#1254480).
Patchnames
SUSE-SL-Micro-6.2-131
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libpng16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libpng16 fixes the following issues:\n\n- CVE-2025-64505: heap buffer over-read in `png_do_quantize` when processing PNG files malformed palette indices\n (bsc#1254157).\n- CVE-2025-64506: heap buffer over-read in `png_write_image_8bit` when processing 8-bit input with `convert_to_8bit`\n enabled (bsc#1254158).\n- CVE-2025-64720: out-of-bounds read in `png_image_read_composite` when processing palette images with\n `PNG_FLAG_OPTIMIZE_ALPHA` enabled (bsc#1254159).\n- CVE-2025-65018: heap buffer overflow in `png_image_finish_read` when processing specially crafted 16-bit interlaced\n PNGs with 8-bit output format (bsc#1254160).\n- CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial\n transparency and gamma correction (bsc#1254480).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-131",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20073-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20073-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620073-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20073-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023744.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254157",
"url": "https://bugzilla.suse.com/1254157"
},
{
"category": "self",
"summary": "SUSE Bug 1254158",
"url": "https://bugzilla.suse.com/1254158"
},
{
"category": "self",
"summary": "SUSE Bug 1254159",
"url": "https://bugzilla.suse.com/1254159"
},
{
"category": "self",
"summary": "SUSE Bug 1254160",
"url": "https://bugzilla.suse.com/1254160"
},
{
"category": "self",
"summary": "SUSE Bug 1254480",
"url": "https://bugzilla.suse.com/1254480"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64505 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64720 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-65018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-65018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66293/"
}
],
"title": "Security update for libpng16",
"tracking": {
"current_release_date": "2026-01-12T11:15:01Z",
"generator": {
"date": "2026-01-12T11:15:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20073-1",
"initial_release_date": "2026-01-12T11:15:01Z",
"revision_history": [
{
"date": "2026-01-12T11:15:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.3.1.aarch64",
"product": {
"name": "libpng16-16-1.6.44-160000.3.1.aarch64",
"product_id": "libpng16-16-1.6.44-160000.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.3.1.ppc64le",
"product": {
"name": "libpng16-16-1.6.44-160000.3.1.ppc64le",
"product_id": "libpng16-16-1.6.44-160000.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.3.1.s390x",
"product": {
"name": "libpng16-16-1.6.44-160000.3.1.s390x",
"product_id": "libpng16-16-1.6.44-160000.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-16-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-16-1.6.44-160000.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64505"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64505",
"url": "https://www.suse.com/security/cve/CVE-2025-64505"
},
{
"category": "external",
"summary": "SUSE Bug 1254157 for CVE-2025-64505",
"url": "https://bugzilla.suse.com/1254157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:15:01Z",
"details": "moderate"
}
],
"title": "CVE-2025-64505"
},
{
"cve": "CVE-2025-64506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64506"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64506",
"url": "https://www.suse.com/security/cve/CVE-2025-64506"
},
{
"category": "external",
"summary": "SUSE Bug 1254158 for CVE-2025-64506",
"url": "https://bugzilla.suse.com/1254158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:15:01Z",
"details": "moderate"
}
],
"title": "CVE-2025-64506"
},
{
"cve": "CVE-2025-64720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64720"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha x 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64720",
"url": "https://www.suse.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "SUSE Bug 1254159 for CVE-2025-64720",
"url": "https://bugzilla.suse.com/1254159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:15:01Z",
"details": "moderate"
}
],
"title": "CVE-2025-64720"
},
{
"cve": "CVE-2025-65018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-65018"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-65018",
"url": "https://www.suse.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "SUSE Bug 1254160 for CVE-2025-65018",
"url": "https://bugzilla.suse.com/1254160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:15:01Z",
"details": "moderate"
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66293"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66293",
"url": "https://www.suse.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "SUSE Bug 1254480 for CVE-2025-66293",
"url": "https://bugzilla.suse.com/1254480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.s390x",
"SUSE Linux Micro 6.2:libpng16-16-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:15:01Z",
"details": "important"
}
],
"title": "CVE-2025-66293"
}
]
}
SUSE-SU-2025:21220-1
Vulnerability from csaf_suse - Published: 2025-12-16 08:25 - Updated: 2025-12-16 08:25Summary
Security update for libpng16
Notes
Title of the patch
Security update for libpng16
Description of the patch
This update for libpng16 fixes the following issues:
- CVE-2025-66293: Fixed out-of-bounds read in png_image_read_composite (bsc#1254480).
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157).
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158).
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159).
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160).
Patchnames
SUSE-SLE-Micro-6.1-354
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libpng16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libpng16 fixes the following issues:\n\n- CVE-2025-66293: Fixed out-of-bounds read in png_image_read_composite (bsc#1254480).\n- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157).\n- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158).\n- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159).\n- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-354",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21220-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:21220-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521220-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:21220-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023591.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254157",
"url": "https://bugzilla.suse.com/1254157"
},
{
"category": "self",
"summary": "SUSE Bug 1254158",
"url": "https://bugzilla.suse.com/1254158"
},
{
"category": "self",
"summary": "SUSE Bug 1254159",
"url": "https://bugzilla.suse.com/1254159"
},
{
"category": "self",
"summary": "SUSE Bug 1254160",
"url": "https://bugzilla.suse.com/1254160"
},
{
"category": "self",
"summary": "SUSE Bug 1254480",
"url": "https://bugzilla.suse.com/1254480"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64505 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64720 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-65018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-65018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66293/"
}
],
"title": "Security update for libpng16",
"tracking": {
"current_release_date": "2025-12-16T08:25:26Z",
"generator": {
"date": "2025-12-16T08:25:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:21220-1",
"initial_release_date": "2025-12-16T08:25:26Z",
"revision_history": [
{
"date": "2025-12-16T08:25:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"product": {
"name": "libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"product_id": "libpng16-16-1.6.43-slfo.1.1_2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"product": {
"name": "libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"product_id": "libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"product": {
"name": "libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"product_id": "libpng16-16-1.6.43-slfo.1.1_2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.43-slfo.1.1_2.1.x86_64",
"product": {
"name": "libpng16-16-1.6.43-slfo.1.1_2.1.x86_64",
"product_id": "libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.43-slfo.1.1_2.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64"
},
"product_reference": "libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.43-slfo.1.1_2.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x"
},
"product_reference": "libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.43-slfo.1.1_2.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
},
"product_reference": "libpng16-16-1.6.43-slfo.1.1_2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64505"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64505",
"url": "https://www.suse.com/security/cve/CVE-2025-64505"
},
{
"category": "external",
"summary": "SUSE Bug 1254157 for CVE-2025-64505",
"url": "https://bugzilla.suse.com/1254157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-16T08:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-64505"
},
{
"cve": "CVE-2025-64506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64506"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64506",
"url": "https://www.suse.com/security/cve/CVE-2025-64506"
},
{
"category": "external",
"summary": "SUSE Bug 1254158 for CVE-2025-64506",
"url": "https://bugzilla.suse.com/1254158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-16T08:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-64506"
},
{
"cve": "CVE-2025-64720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64720"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha x 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64720",
"url": "https://www.suse.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "SUSE Bug 1254159 for CVE-2025-64720",
"url": "https://bugzilla.suse.com/1254159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-16T08:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-64720"
},
{
"cve": "CVE-2025-65018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-65018"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-65018",
"url": "https://www.suse.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "SUSE Bug 1254160 for CVE-2025-65018",
"url": "https://bugzilla.suse.com/1254160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-16T08:25:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66293"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66293",
"url": "https://www.suse.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "SUSE Bug 1254480 for CVE-2025-66293",
"url": "https://bugzilla.suse.com/1254480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:libpng16-16-1.6.43-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-16T08:25:26Z",
"details": "important"
}
],
"title": "CVE-2025-66293"
}
]
}
SUSE-SU-2026:0085-1
Vulnerability from csaf_suse - Published: 2026-01-09 15:01 - Updated: 2026-01-09 15:01Summary
Security update for libpng16
Notes
Title of the patch
Security update for libpng16
Description of the patch
This update for libpng16 fixes the following issues:
- CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial
transparency and gamma correction (bsc#1254480).
Patchnames
SUSE-2026-85,SUSE-SLE-SERVER-12-SP5-LTSS-2026-85,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-85
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libpng16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libpng16 fixes the following issues:\n\n- CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial\n transparency and gamma correction (bsc#1254480).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-85,SUSE-SLE-SERVER-12-SP5-LTSS-2026-85,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-85",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0085-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0085-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260085-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0085-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023730.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254480",
"url": "https://bugzilla.suse.com/1254480"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66293/"
}
],
"title": "Security update for libpng16",
"tracking": {
"current_release_date": "2026-01-09T15:01:38Z",
"generator": {
"date": "2026-01-09T15:01:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0085-1",
"initial_release_date": "2026-01-09T15:01:38Z",
"revision_history": [
{
"date": "2026-01-09T15:01:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.8-15.12.1.aarch64",
"product": {
"name": "libpng16-16-1.6.8-15.12.1.aarch64",
"product_id": "libpng16-16-1.6.8-15.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.8-15.12.1.aarch64",
"product": {
"name": "libpng16-compat-devel-1.6.8-15.12.1.aarch64",
"product_id": "libpng16-compat-devel-1.6.8-15.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.8-15.12.1.aarch64",
"product": {
"name": "libpng16-devel-1.6.8-15.12.1.aarch64",
"product_id": "libpng16-devel-1.6.8-15.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.8-15.12.1.aarch64",
"product": {
"name": "libpng16-tools-1.6.8-15.12.1.aarch64",
"product_id": "libpng16-tools-1.6.8-15.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-64bit-1.6.8-15.12.1.aarch64_ilp32",
"product": {
"name": "libpng16-16-64bit-1.6.8-15.12.1.aarch64_ilp32",
"product_id": "libpng16-16-64bit-1.6.8-15.12.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-64bit-1.6.8-15.12.1.aarch64_ilp32",
"product": {
"name": "libpng16-compat-devel-64bit-1.6.8-15.12.1.aarch64_ilp32",
"product_id": "libpng16-compat-devel-64bit-1.6.8-15.12.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libpng16-devel-64bit-1.6.8-15.12.1.aarch64_ilp32",
"product": {
"name": "libpng16-devel-64bit-1.6.8-15.12.1.aarch64_ilp32",
"product_id": "libpng16-devel-64bit-1.6.8-15.12.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.8-15.12.1.i586",
"product": {
"name": "libpng16-16-1.6.8-15.12.1.i586",
"product_id": "libpng16-16-1.6.8-15.12.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.8-15.12.1.i586",
"product": {
"name": "libpng16-compat-devel-1.6.8-15.12.1.i586",
"product_id": "libpng16-compat-devel-1.6.8-15.12.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.8-15.12.1.i586",
"product": {
"name": "libpng16-devel-1.6.8-15.12.1.i586",
"product_id": "libpng16-devel-1.6.8-15.12.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.8-15.12.1.i586",
"product": {
"name": "libpng16-tools-1.6.8-15.12.1.i586",
"product_id": "libpng16-tools-1.6.8-15.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.8-15.12.1.ppc64le",
"product": {
"name": "libpng16-16-1.6.8-15.12.1.ppc64le",
"product_id": "libpng16-16-1.6.8-15.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.8-15.12.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-1.6.8-15.12.1.ppc64le",
"product_id": "libpng16-compat-devel-1.6.8-15.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.8-15.12.1.ppc64le",
"product": {
"name": "libpng16-devel-1.6.8-15.12.1.ppc64le",
"product_id": "libpng16-devel-1.6.8-15.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.8-15.12.1.ppc64le",
"product": {
"name": "libpng16-tools-1.6.8-15.12.1.ppc64le",
"product_id": "libpng16-tools-1.6.8-15.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.8-15.12.1.s390",
"product": {
"name": "libpng16-16-1.6.8-15.12.1.s390",
"product_id": "libpng16-16-1.6.8-15.12.1.s390"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.8-15.12.1.s390",
"product": {
"name": "libpng16-compat-devel-1.6.8-15.12.1.s390",
"product_id": "libpng16-compat-devel-1.6.8-15.12.1.s390"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.8-15.12.1.s390",
"product": {
"name": "libpng16-devel-1.6.8-15.12.1.s390",
"product_id": "libpng16-devel-1.6.8-15.12.1.s390"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.8-15.12.1.s390",
"product": {
"name": "libpng16-tools-1.6.8-15.12.1.s390",
"product_id": "libpng16-tools-1.6.8-15.12.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.8-15.12.1.s390x",
"product": {
"name": "libpng16-16-1.6.8-15.12.1.s390x",
"product_id": "libpng16-16-1.6.8-15.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.8-15.12.1.s390x",
"product": {
"name": "libpng16-16-32bit-1.6.8-15.12.1.s390x",
"product_id": "libpng16-16-32bit-1.6.8-15.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.8-15.12.1.s390x",
"product": {
"name": "libpng16-compat-devel-1.6.8-15.12.1.s390x",
"product_id": "libpng16-compat-devel-1.6.8-15.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.8-15.12.1.s390x",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.8-15.12.1.s390x",
"product_id": "libpng16-compat-devel-32bit-1.6.8-15.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.8-15.12.1.s390x",
"product": {
"name": "libpng16-devel-1.6.8-15.12.1.s390x",
"product_id": "libpng16-devel-1.6.8-15.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.8-15.12.1.s390x",
"product": {
"name": "libpng16-devel-32bit-1.6.8-15.12.1.s390x",
"product_id": "libpng16-devel-32bit-1.6.8-15.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.8-15.12.1.s390x",
"product": {
"name": "libpng16-tools-1.6.8-15.12.1.s390x",
"product_id": "libpng16-tools-1.6.8-15.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.8-15.12.1.x86_64",
"product": {
"name": "libpng16-16-1.6.8-15.12.1.x86_64",
"product_id": "libpng16-16-1.6.8-15.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.8-15.12.1.x86_64",
"product": {
"name": "libpng16-16-32bit-1.6.8-15.12.1.x86_64",
"product_id": "libpng16-16-32bit-1.6.8-15.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.8-15.12.1.x86_64",
"product": {
"name": "libpng16-compat-devel-1.6.8-15.12.1.x86_64",
"product_id": "libpng16-compat-devel-1.6.8-15.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.8-15.12.1.x86_64",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.8-15.12.1.x86_64",
"product_id": "libpng16-compat-devel-32bit-1.6.8-15.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.8-15.12.1.x86_64",
"product": {
"name": "libpng16-devel-1.6.8-15.12.1.x86_64",
"product_id": "libpng16-devel-1.6.8-15.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.8-15.12.1.x86_64",
"product": {
"name": "libpng16-devel-32bit-1.6.8-15.12.1.x86_64",
"product_id": "libpng16-devel-32bit-1.6.8-15.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.8-15.12.1.x86_64",
"product": {
"name": "libpng16-tools-1.6.8-15.12.1.x86_64",
"product_id": "libpng16-tools-1.6.8-15.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.8-15.12.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.aarch64"
},
"product_reference": "libpng16-16-1.6.8-15.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.8-15.12.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.8-15.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.8-15.12.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.s390x"
},
"product_reference": "libpng16-16-1.6.8-15.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.8-15.12.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.8-15.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.8-15.12.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-32bit-1.6.8-15.12.1.s390x"
},
"product_reference": "libpng16-16-32bit-1.6.8-15.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.8-15.12.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-32bit-1.6.8-15.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.8-15.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.8-15.12.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.8-15.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.8-15.12.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.8-15.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.8-15.12.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.8-15.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.8-15.12.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.8-15.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.8-15.12.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.8-15.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.8-15.12.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.8-15.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.8-15.12.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.s390x"
},
"product_reference": "libpng16-devel-1.6.8-15.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.8-15.12.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.8-15.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.8-15.12.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-16-1.6.8-15.12.1.x86_64"
},
"product_reference": "libpng16-16-1.6.8-15.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.8-15.12.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-16-32bit-1.6.8-15.12.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.8-15.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.8-15.12.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-compat-devel-1.6.8-15.12.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.8-15.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.8-15.12.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-devel-1.6.8-15.12.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.8-15.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-66293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66293"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-32bit-1.6.8-15.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-32bit-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-16-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-16-32bit-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-compat-devel-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-devel-1.6.8-15.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66293",
"url": "https://www.suse.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "SUSE Bug 1254480 for CVE-2025-66293",
"url": "https://bugzilla.suse.com/1254480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-32bit-1.6.8-15.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-32bit-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-16-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-16-32bit-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-compat-devel-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-devel-1.6.8-15.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-32bit-1.6.8-15.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-32bit-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-16-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-16-32bit-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-compat-devel-1.6.8-15.12.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-devel-1.6.8-15.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-09T15:01:38Z",
"details": "important"
}
],
"title": "CVE-2025-66293"
}
]
}
CERTFR-2025-AVI-1078
Vulnerability from certfr_avis - Published: 2025-12-08 - Updated: 2025-12-08
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 msft-golang 1.24.9-1 | ||
| Microsoft | N/A | cbl2 golang 1.22.7-5 | ||
| Microsoft | N/A | azl3 golang 1.23.12-1 | ||
| Microsoft | N/A | cbl2 python3 3.9.19-16 | ||
| Microsoft | N/A | cbl2 python-tensorboard 2.11.0-3 | ||
| Microsoft | N/A | cbl2 qt5-qtbase 5.12.11-18 | ||
| Microsoft | N/A | cbl2 reaper 3.1.1-21 | ||
| Microsoft | N/A | cbl2 python3 3.9.19-17 | ||
| Microsoft | N/A | azl3 python-tensorboard 2.16.2-6 | ||
| Microsoft | N/A | azl3 kernel 6.6.112.1-2 | ||
| Microsoft | N/A | cbl2 vim 9.1.1616-1 | ||
| Microsoft | N/A | cbl2 kernel 5.15.186.1-1 | ||
| Microsoft | N/A | azl3 tensorflow 2.16.1-9 | ||
| Microsoft | N/A | cbl2 gcc 11.2.0-8 | ||
| Microsoft | N/A | azl3 vim 9.1.1616-1 | ||
| Microsoft | N/A | azl3 golang 1.25.3-1 | ||
| Microsoft | N/A | azl3 pgbouncer 1.24.1-1 | ||
| Microsoft | N/A | cbl2 tensorflow 2.11.1-2 | ||
| Microsoft | N/A | azl3 libpng 1.6.40-1 versions antérieures à 1.6.52-1 | ||
| Microsoft | N/A | azl3 gcc 13.2.0-7 | ||
| Microsoft | N/A | azl3 python3 3.12.9-5 | ||
| Microsoft | N/A | cbl2 golang 1.18.8-10 | ||
| Microsoft | N/A | cbl2 reaper 3.1.1-19 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 msft-golang 1.24.9-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 golang 1.22.7-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 golang 1.23.12-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python3 3.9.19-16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 qt5-qtbase 5.12.11-18",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 reaper 3.1.1-21",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python3 3.9.19-17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.112.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 vim 9.1.1616-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kernel 5.15.186.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 gcc 11.2.0-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 vim 9.1.1616-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 golang 1.25.3-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 pgbouncer 1.24.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 tensorflow 2.11.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libpng 1.6.40-1 versions ant\u00e9rieures \u00e0 1.6.52-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 gcc 13.2.0-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python3 3.12.9-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 golang 1.18.8-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 reaper 3.1.1-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-40254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40254"
},
{
"name": "CVE-2025-40219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
},
{
"name": "CVE-2025-40240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40240"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2023-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53209"
},
{
"name": "CVE-2025-40251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40251"
},
{
"name": "CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"name": "CVE-2022-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50304"
},
{
"name": "CVE-2025-40245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40245"
},
{
"name": "CVE-2025-40233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40233"
},
{
"name": "CVE-2025-40242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40242"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-40252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40252"
},
{
"name": "CVE-2025-40218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40218"
},
{
"name": "CVE-2025-40220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40220"
},
{
"name": "CVE-2025-40257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40257"
},
{
"name": "CVE-2025-40263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40263"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2025-40250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40250"
},
{
"name": "CVE-2025-40264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40264"
},
{
"name": "CVE-2025-66476",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66476"
},
{
"name": "CVE-2022-50303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50303"
},
{
"name": "CVE-2025-40243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40243"
},
{
"name": "CVE-2025-40266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40266"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-12385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12385"
},
{
"name": "CVE-2023-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53231"
},
{
"name": "CVE-2025-40247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40247"
},
{
"name": "CVE-2025-40215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40215"
},
{
"name": "CVE-2025-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40217"
},
{
"name": "CVE-2025-40248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40248"
},
{
"name": "CVE-2025-40259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40259"
},
{
"name": "CVE-2025-40253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40253"
},
{
"name": "CVE-2025-12819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12819"
},
{
"name": "CVE-2025-40258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40258"
},
{
"name": "CVE-2025-34297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-34297"
},
{
"name": "CVE-2025-40262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40262"
},
{
"name": "CVE-2025-40261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40261"
},
{
"name": "CVE-2025-40244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40244"
},
{
"name": "CVE-2025-40223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40223"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
}
],
"initial_release_date": "2025-12-08T00:00:00",
"last_revision_date": "2025-12-08T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1078",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40254",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40254"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40257",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40257"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40245",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40245"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40258",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40258"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50304",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50304"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40219",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40219"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40233"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40244",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40244"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-53209",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53209"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61729",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61729"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40262",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40262"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40253",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40253"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40223",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40223"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40217",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40217"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-6485",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6485"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40252",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40252"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40250",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40250"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40261",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40261"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40215",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40215"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40264",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40264"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40263",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40263"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12084",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12084"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12385",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12385"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12819",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12819"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61727",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61727"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40242",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40242"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40259",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40259"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50303",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50303"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40243",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40243"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40251",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40251"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40247",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40247"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40220",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40220"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66476",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66476"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40240",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40240"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40248",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40248"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13836",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13836"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66293",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66293"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-53231",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53231"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40218",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40218"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13837",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13837"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40266",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40266"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-34297",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-34297"
}
]
}
CERTFR-2026-AVI-0109
Vulnerability from certfr_avis - Published: 2026-01-30 - Updated: 2026-01-30
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar User Behavior Analytics versions antérieures à 5.1.0 | ||
| IBM | Tivoli | Tivoli Application Dependency Discovery Manager version 7.3.0 sans le dernier correctif de sécurité | ||
| IBM | Db2 | Db2 versions 12.1.x antérieures à 12.1.2 sans le correctif de sécurité #72296 | ||
| IBM | Db2 | DB2 Data Management Console versions 3.1.1x antérieures à 3.1.13.2 | ||
| IBM | WebSphere | WebSphere Application Server version 9.0 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60 | ||
| IBM | WebSphere | WebSphere Application Server version 8.5 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60 | ||
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.8 sur Cloud Pak for Data 5.1 antérieures à 8.3 sur Cloud Pak for Data 5.3 | ||
| IBM | Db2 | Db2 versions 11.5.x antérieures à 11.5.9 sans le correctif de sécurité #66394 | ||
| IBM | Db2 | Db2 version 12.1.3 sans le correctif de sécurité #71609 | ||
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.6 sur Cloud Pak for Data 4.8 antérieures à 8.3 sur Cloud Pak for Data 5.3 | ||
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 8.2 sur Cloud Pak for Data 5.2 antérieures à 8.3 sur Cloud Pak for Data 5.3 | ||
| IBM | WebSphere | WebSphere Application Server Liberty versions 17.0.0.3 à 26.0.0.1 sans le correctif de sécurité PH69485 ou antérieures à 26.0.0.2 (disponibilité prévue pour le premier trimestre 2026) | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP14 IF04 | ||
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.7 sur Cloud Pak for Data 5.0 antérieures à 8.3 sur Cloud Pak for Data 5.3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 5.1.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Application Dependency Discovery Manager version 7.3.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.2 sans le correctif de s\u00e9curit\u00e9 #72296",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions 3.1.1x ant\u00e9rieures \u00e0 3.1.13.2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server version 9.0 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server version 8.5 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.8 sur Cloud Pak for Data 5.1 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.9 sans le correctif de s\u00e9curit\u00e9 #66394",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 version 12.1.3 sans le correctif de s\u00e9curit\u00e9 #71609",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.6 sur Cloud Pak for Data 4.8 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 8.2 sur Cloud Pak for Data 5.2 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 26.0.0.1 sans le correctif de s\u00e9curit\u00e9 PH69485 ou ant\u00e9rieures \u00e0 26.0.0.2 (disponibilit\u00e9 pr\u00e9vue pour le premier trimestre 2026)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14 IF04",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.7 sur Cloud Pak for Data 5.0 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-2534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2534"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2016-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2193"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2022-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2596"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2025-36131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36131"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2024-37071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37071"
},
{
"name": "CVE-2019-9515",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9515"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2024-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47118"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2019-9514",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9514"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2025-57810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
},
{
"name": "CVE-2024-41761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41761"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-36136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36136"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2022-33987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33987"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2025-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36006"
},
{
"name": "CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"name": "CVE-2025-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36186"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2025-6493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6493"
},
{
"name": "CVE-2025-33012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33012"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2025-25977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25977"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2025-11083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11083"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-54313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54313"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2022-22968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
},
{
"name": "CVE-2025-39697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39697"
},
{
"name": "CVE-2025-29907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29907"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2024-41762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41762"
},
{
"name": "CVE-2021-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23413"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2025-39971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
},
{
"name": "CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2024-57965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2024-40679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40679"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2025-14914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14914"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2019-9512",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9512"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2024-45663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45663"
},
{
"name": "CVE-2025-33134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33134"
},
{
"name": "CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2025-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36185"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2026-01-30T00:00:00",
"last_revision_date": "2026-01-30T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0109",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 5691194",
"url": "https://www.ibm.com/support/pages/node/5691194"
},
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258104",
"url": "https://www.ibm.com/support/pages/node/7258104"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258234",
"url": "https://www.ibm.com/support/pages/node/7258234"
},
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258110",
"url": "https://www.ibm.com/support/pages/node/7258110"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257910",
"url": "https://www.ibm.com/support/pages/node/7257910"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257899",
"url": "https://www.ibm.com/support/pages/node/7257899"
},
{
"published_at": "2026-01-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258042",
"url": "https://www.ibm.com/support/pages/node/7258042"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257904",
"url": "https://www.ibm.com/support/pages/node/7257904"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257903",
"url": "https://www.ibm.com/support/pages/node/7257903"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257901",
"url": "https://www.ibm.com/support/pages/node/7257901"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257898",
"url": "https://www.ibm.com/support/pages/node/7257898"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257900",
"url": "https://www.ibm.com/support/pages/node/7257900"
},
{
"published_at": "2026-01-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257978",
"url": "https://www.ibm.com/support/pages/node/7257978"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257902",
"url": "https://www.ibm.com/support/pages/node/7257902"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257519",
"url": "https://www.ibm.com/support/pages/node/7257519"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258331",
"url": "https://www.ibm.com/support/pages/node/7258331"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257633",
"url": "https://www.ibm.com/support/pages/node/7257633"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258232",
"url": "https://www.ibm.com/support/pages/node/7258232"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258224",
"url": "https://www.ibm.com/support/pages/node/7258224"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257678",
"url": "https://www.ibm.com/support/pages/node/7257678"
}
]
}
CERTFR-2025-AVI-1078
Vulnerability from certfr_avis - Published: 2025-12-08 - Updated: 2025-12-08
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 msft-golang 1.24.9-1 | ||
| Microsoft | N/A | cbl2 golang 1.22.7-5 | ||
| Microsoft | N/A | azl3 golang 1.23.12-1 | ||
| Microsoft | N/A | cbl2 python3 3.9.19-16 | ||
| Microsoft | N/A | cbl2 python-tensorboard 2.11.0-3 | ||
| Microsoft | N/A | cbl2 qt5-qtbase 5.12.11-18 | ||
| Microsoft | N/A | cbl2 reaper 3.1.1-21 | ||
| Microsoft | N/A | cbl2 python3 3.9.19-17 | ||
| Microsoft | N/A | azl3 python-tensorboard 2.16.2-6 | ||
| Microsoft | N/A | azl3 kernel 6.6.112.1-2 | ||
| Microsoft | N/A | cbl2 vim 9.1.1616-1 | ||
| Microsoft | N/A | cbl2 kernel 5.15.186.1-1 | ||
| Microsoft | N/A | azl3 tensorflow 2.16.1-9 | ||
| Microsoft | N/A | cbl2 gcc 11.2.0-8 | ||
| Microsoft | N/A | azl3 vim 9.1.1616-1 | ||
| Microsoft | N/A | azl3 golang 1.25.3-1 | ||
| Microsoft | N/A | azl3 pgbouncer 1.24.1-1 | ||
| Microsoft | N/A | cbl2 tensorflow 2.11.1-2 | ||
| Microsoft | N/A | azl3 libpng 1.6.40-1 versions antérieures à 1.6.52-1 | ||
| Microsoft | N/A | azl3 gcc 13.2.0-7 | ||
| Microsoft | N/A | azl3 python3 3.12.9-5 | ||
| Microsoft | N/A | cbl2 golang 1.18.8-10 | ||
| Microsoft | N/A | cbl2 reaper 3.1.1-19 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 msft-golang 1.24.9-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 golang 1.22.7-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 golang 1.23.12-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python3 3.9.19-16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 qt5-qtbase 5.12.11-18",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 reaper 3.1.1-21",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python3 3.9.19-17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.112.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 vim 9.1.1616-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kernel 5.15.186.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 gcc 11.2.0-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 vim 9.1.1616-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 golang 1.25.3-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 pgbouncer 1.24.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 tensorflow 2.11.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libpng 1.6.40-1 versions ant\u00e9rieures \u00e0 1.6.52-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 gcc 13.2.0-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python3 3.12.9-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 golang 1.18.8-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 reaper 3.1.1-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-40254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40254"
},
{
"name": "CVE-2025-40219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
},
{
"name": "CVE-2025-40240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40240"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2023-53209",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53209"
},
{
"name": "CVE-2025-40251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40251"
},
{
"name": "CVE-2025-13837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
},
{
"name": "CVE-2022-50304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50304"
},
{
"name": "CVE-2025-40245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40245"
},
{
"name": "CVE-2025-40233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40233"
},
{
"name": "CVE-2025-40242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40242"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-40252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40252"
},
{
"name": "CVE-2025-40218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40218"
},
{
"name": "CVE-2025-40220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40220"
},
{
"name": "CVE-2025-40257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40257"
},
{
"name": "CVE-2025-40263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40263"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2025-40250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40250"
},
{
"name": "CVE-2025-40264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40264"
},
{
"name": "CVE-2025-66476",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66476"
},
{
"name": "CVE-2022-50303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50303"
},
{
"name": "CVE-2025-40243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40243"
},
{
"name": "CVE-2025-40266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40266"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-12385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12385"
},
{
"name": "CVE-2023-53231",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53231"
},
{
"name": "CVE-2025-40247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40247"
},
{
"name": "CVE-2025-40215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40215"
},
{
"name": "CVE-2025-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40217"
},
{
"name": "CVE-2025-40248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40248"
},
{
"name": "CVE-2025-40259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40259"
},
{
"name": "CVE-2025-40253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40253"
},
{
"name": "CVE-2025-12819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12819"
},
{
"name": "CVE-2025-40258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40258"
},
{
"name": "CVE-2025-34297",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-34297"
},
{
"name": "CVE-2025-40262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40262"
},
{
"name": "CVE-2025-40261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40261"
},
{
"name": "CVE-2025-40244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40244"
},
{
"name": "CVE-2025-40223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40223"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
}
],
"initial_release_date": "2025-12-08T00:00:00",
"last_revision_date": "2025-12-08T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1078",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40254",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40254"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40257",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40257"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40245",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40245"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40258",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40258"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50304",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50304"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40219",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40219"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40233"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40244",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40244"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-53209",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53209"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61729",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61729"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40262",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40262"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40253",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40253"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40223",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40223"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40217",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40217"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-6485",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6485"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40252",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40252"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40250",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40250"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40261",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40261"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40215",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40215"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40264",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40264"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40263",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40263"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12084",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12084"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12385",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12385"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12819",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12819"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61727",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61727"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40242",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40242"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40259",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40259"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50303",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50303"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40243",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40243"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40251",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40251"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40247",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40247"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40220",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40220"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66476",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66476"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40240",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40240"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40248",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40248"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13836",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13836"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66293",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66293"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-53231",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53231"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40218",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40218"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13837",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13837"
},
{
"published_at": "2025-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40266",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40266"
},
{
"published_at": "2025-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-34297",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-34297"
}
]
}
FKIE_CVE-2025-66293
Vulnerability from fkie_nvd - Published: 2025-12-03 21:15 - Updated: 2025-12-16 19:12
Severity ?
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1 | Patch | |
| security-advisories@github.com | https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a | Patch | |
| security-advisories@github.com | https://github.com/pnggroup/libpng/issues/764 | Exploit, Issue Tracking, Patch | |
| security-advisories@github.com | https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/12/03/6 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/12/03/7 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/12/03/8 | Mailing List | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/pnggroup/libpng/issues/764 | Exploit, Issue Tracking, Patch |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98FBE7B9-73DC-483B-87E8-5229792557C3",
"versionEndExcluding": "1.6.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later."
}
],
"id": "CVE-2025-66293",
"lastModified": "2025-12-16T19:12:50.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-12-03T21:15:53.060",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/12/03/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/12/03/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/12/03/8"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking",
"Patch"
],
"url": "https://github.com/pnggroup/libpng/issues/764"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
WID-SEC-W-2025-2737
Vulnerability from csaf_certbund - Published: 2025-12-03 23:00 - Updated: 2026-01-28 23:00Summary
libpng: Schwachstelle ermöglicht Denial of Service und Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die libpng ist die offizielle Referenzbibliothek für die Darstellung und Manipulation von Bildern im Portable Network Graphics (PNG) Format.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libpng ausnutzen, um einen Denial of Service Angriff durchzuführen, und um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die libpng ist die offizielle Referenzbibliothek f\u00fcr die Darstellung und Manipulation von Bildern im Portable Network Graphics (PNG) Format.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libpng ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, und um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2737 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2737.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2737 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2737"
},
{
"category": "external",
"summary": "libpng Home Page vom 2025-12-03",
"url": "https://libpng.org/pub/png/libpng.html"
},
{
"category": "external",
"summary": "Red Hat Bugtracker #2418711 vom 2025-12-03",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "GitHub Advisory vom 2025-12-04",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4396 vom 2025-12-07",
"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00007.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15801-1 vom 2025-12-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DITWOWWWUN5LP764ZFUIYPAWVEFFVEA7/"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2025-12-09",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6076 vom 2025-12-10",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00242.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-7F360BE18F vom 2025-12-10",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-7f360be18f"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-DBD70402F4 vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-dbd70402f4"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-DA6D092209 vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-da6d092209"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4436-1 vom 2025-12-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023579.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21217-1 vom 2025-12-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023593.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21220-1 vom 2025-12-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023591.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4494-1 vom 2025-12-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZIBH6F5GJDUMZIKK5ICPKWLWOR4CCVQK/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2FIREFOX-2025-049 vom 2026-01-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS2FIREFOX-2025-049.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3108 vom 2026-01-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3108.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0125 vom 2026-01-06",
"url": "https://access.redhat.com/errata/RHSA-2026:0125"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0212 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0212"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0216 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0216"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:0125 vom 2026-01-07",
"url": "https://errata.build.resf.org/RLSA-2026:0125"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0125 vom 2026-01-08",
"url": "https://linux.oracle.com/errata/ELSA-2026-0125.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0237 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0237"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0210 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0210"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0234 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0234"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0241 vom 2026-01-08",
"url": "https://linux.oracle.com/errata/ELSA-2026-0241.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0211 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0211"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0238 vom 2026-01-07",
"url": "https://linux.oracle.com/errata/ELSA-2026-0238.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0237 vom 2026-01-07",
"url": "https://linux.oracle.com/errata/ELSA-2026-0237.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0241 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0241"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0238 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0238"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0322 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0322"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0323 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0323"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0321 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0321"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0313 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0313"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0414 vom 2026-01-09",
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:0237 vom 2026-01-09",
"url": "https://errata.build.resf.org/RLSA-2026:0237"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:0238 vom 2026-01-09",
"url": "https://errata.build.resf.org/RLSA-2026:0238"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:0241 vom 2026-01-09",
"url": "https://errata.build.resf.org/RLSA-2026:0241"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0085-1 vom 2026-01-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023730.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20017-1 vom 2026-01-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2GPCRBHJC7Z4H55G47GJBQKP5HYHTLXK/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20073-1 vom 2026-01-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023744.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7963-1 vom 2026-01-14",
"url": "https://ubuntu.com/security/notices/USN-7963-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20030-1 vom 2026-01-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023774.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0950 vom 2026-01-22",
"url": "https://access.redhat.com/errata/RHSA-2026:0950"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7258234 vom 2026-01-28",
"url": "https://www.ibm.com/support/pages/node/7258234"
}
],
"source_lang": "en-US",
"title": "libpng: Schwachstelle erm\u00f6glicht Denial of Service und Offenlegung von Informationen",
"tracking": {
"current_release_date": "2026-01-28T23:00:00.000+00:00",
"generator": {
"date": "2026-01-29T08:27:38.501+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2737",
"initial_release_date": "2025-12-03T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-12-03T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-12-07T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-12-09T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2025-12-17T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-18T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-21T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-05T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-01-06T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-07T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2026-01-08T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-11T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-13T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-01-14T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2026-01-21T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-28T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "17"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP14 IF04",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP14 IF04",
"product_id": "T050392"
}
},
{
"category": "product_version",
"name": "7.5.0 UP14 IF04",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP14 IF04",
"product_id": "T050392-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up14_if04"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "azl3",
"product": {
"name": "Microsoft Azure Linux azl3",
"product_id": "T049210",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3"
}
}
}
],
"category": "product_name",
"name": "Azure Linux"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.6.52",
"product": {
"name": "Open Source libpng \u003c1.6.52",
"product_id": "T049076"
}
},
{
"category": "product_version",
"name": "1.6.52",
"product": {
"name": "Open Source libpng 1.6.52",
"product_id": "T049076-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:libpng:libpng:1.6.52"
}
}
}
],
"category": "product_name",
"name": "libpng"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-66293",
"product_status": {
"known_affected": [
"T050392",
"2951",
"T002207",
"67646",
"T049076",
"T000126",
"T027843",
"398363",
"T049210",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2025-12-03T23:00:00.000+00:00",
"title": "CVE-2025-66293"
}
]
}
MSRC_CVE-2025-66293
Vulnerability from csaf_microsoft - Published: 2025-12-02 00:00 - Updated: 2026-01-08 01:37Summary
LIBPNG has an out-of-bounds read in png_image_read_composite
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-66293.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "LIBPNG has an out-of-bounds read in png_image_read_composite",
"tracking": {
"current_release_date": "2026-01-08T01:37:57.000Z",
"generator": {
"date": "2026-01-08T08:58:26.405Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-66293",
"initial_release_date": "2025-12-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-12-05T01:02:40.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-12-06T01:03:56.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2025-12-06T14:41:26.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2025-12-07T01:04:04.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
},
{
"date": "2025-12-08T14:38:09.000Z",
"legacy_version": "5",
"number": "5",
"summary": "Information published."
},
{
"date": "2025-12-09T01:40:02.000Z",
"legacy_version": "6",
"number": "6",
"summary": "Information published."
},
{
"date": "2025-12-17T14:36:58.000Z",
"legacy_version": "7",
"number": "7",
"summary": "Information published."
},
{
"date": "2026-01-08T01:37:57.000Z",
"legacy_version": "8",
"number": "8",
"summary": "Information published."
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 libpng 1.6.51-1",
"product": {
"name": "\u003ccbl2 libpng 1.6.51-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 libpng 1.6.51-1",
"product": {
"name": "cbl2 libpng 1.6.51-1",
"product_id": "20684"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 libpng 1.6.40-1",
"product": {
"name": "\u003cazl3 libpng 1.6.40-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 libpng 1.6.40-1",
"product": {
"name": "azl3 libpng 1.6.40-1",
"product_id": "20674"
}
}
],
"category": "product_name",
"name": "libpng"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 qt5-qtbase 5.12.11-18",
"product": {
"name": "\u003ccbl2 qt5-qtbase 5.12.11-18",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 qt5-qtbase 5.12.11-18",
"product": {
"name": "cbl2 qt5-qtbase 5.12.11-18",
"product_id": "20185"
}
}
],
"category": "product_name",
"name": "qt5-qtbase"
},
{
"category": "product_name",
"name": "azl3 qtbase 6.6.3-4",
"product": {
"name": "azl3 qtbase 6.6.3-4",
"product_id": "5"
}
},
{
"category": "product_name",
"name": "azl3 syslinux 6.04-11",
"product": {
"name": "azl3 syslinux 6.04-11",
"product_id": "8"
}
},
{
"category": "product_name",
"name": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "azl3 tensorflow 2.16.1-9",
"product_id": "7"
}
},
{
"category": "product_name",
"name": "cbl2 syslinux 6.04-10",
"product": {
"name": "cbl2 syslinux 6.04-10",
"product_id": "6"
}
},
{
"category": "product_name",
"name": "cbl2 tensorflow 2.11.1-2",
"product": {
"name": "cbl2 tensorflow 2.11.1-2",
"product_id": "4"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 libpng 1.6.51-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libpng 1.6.51-1 as a component of CBL Mariner 2.0",
"product_id": "20684-17086"
},
"product_reference": "20684",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libpng 1.6.40-1 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libpng 1.6.40-1 as a component of Azure Linux 3.0",
"product_id": "20674-17084"
},
"product_reference": "20674",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 qtbase 6.6.3-4 as a component of Azure Linux 3.0",
"product_id": "17084-5"
},
"product_reference": "5",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 syslinux 6.04-11 as a component of Azure Linux 3.0",
"product_id": "17084-8"
},
"product_reference": "8",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 qt5-qtbase 5.12.11-18 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 qt5-qtbase 5.12.11-18 as a component of CBL Mariner 2.0",
"product_id": "20185-17086"
},
"product_reference": "20185",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 syslinux 6.04-10 as a component of CBL Mariner 2.0",
"product_id": "17086-6"
},
"product_reference": "6",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 tensorflow 2.11.1-2 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-5",
"17084-8",
"17084-7",
"17086-6",
"17086-4"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20684-17086",
"20674-17084",
"20185-17086"
],
"known_affected": [
"17086-1",
"17084-2",
"17086-3"
],
"known_not_affected": [
"17084-5",
"17084-8",
"17084-7",
"17086-6",
"17086-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-66293.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-05T01:02:40.000Z",
"details": "1.6.52-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1",
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-12-05T01:02:40.000Z",
"details": "5.12.11-19:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"17086-1",
"17084-2",
"17086-3"
]
}
],
"title": "LIBPNG has an out-of-bounds read in png_image_read_composite"
}
]
}
OPENSUSE-SU-2025:15801-1
Vulnerability from csaf_opensuse - Published: 2025-12-08 00:00 - Updated: 2025-12-08 00:00Summary
libpng16-16-1.6.52-1.1 on GA media
Notes
Title of the patch
libpng16-16-1.6.52-1.1 on GA media
Description of the patch
These are all security issues fixed in the libpng16-16-1.6.52-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15801
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libpng16-16-1.6.52-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libpng16-16-1.6.52-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15801",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15801-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66293/"
}
],
"title": "libpng16-16-1.6.52-1.1 on GA media",
"tracking": {
"current_release_date": "2025-12-08T00:00:00Z",
"generator": {
"date": "2025-12-08T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15801-1",
"initial_release_date": "2025-12-08T00:00:00Z",
"revision_history": [
{
"date": "2025-12-08T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.52-1.1.aarch64",
"product": {
"name": "libpng16-16-1.6.52-1.1.aarch64",
"product_id": "libpng16-16-1.6.52-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.52-1.1.aarch64",
"product": {
"name": "libpng16-16-32bit-1.6.52-1.1.aarch64",
"product_id": "libpng16-16-32bit-1.6.52-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.52-1.1.aarch64",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.52-1.1.aarch64",
"product_id": "libpng16-16-x86-64-v3-1.6.52-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.52-1.1.aarch64",
"product": {
"name": "libpng16-compat-devel-1.6.52-1.1.aarch64",
"product_id": "libpng16-compat-devel-1.6.52-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.52-1.1.aarch64",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.52-1.1.aarch64",
"product_id": "libpng16-compat-devel-32bit-1.6.52-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.aarch64",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.aarch64",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.52-1.1.aarch64",
"product": {
"name": "libpng16-devel-1.6.52-1.1.aarch64",
"product_id": "libpng16-devel-1.6.52-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.52-1.1.aarch64",
"product": {
"name": "libpng16-devel-32bit-1.6.52-1.1.aarch64",
"product_id": "libpng16-devel-32bit-1.6.52-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.52-1.1.aarch64",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.52-1.1.aarch64",
"product_id": "libpng16-devel-x86-64-v3-1.6.52-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.52-1.1.aarch64",
"product": {
"name": "libpng16-tools-1.6.52-1.1.aarch64",
"product_id": "libpng16-tools-1.6.52-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.52-1.1.ppc64le",
"product": {
"name": "libpng16-16-1.6.52-1.1.ppc64le",
"product_id": "libpng16-16-1.6.52-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.52-1.1.ppc64le",
"product": {
"name": "libpng16-16-32bit-1.6.52-1.1.ppc64le",
"product_id": "libpng16-16-32bit-1.6.52-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.52-1.1.ppc64le",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.52-1.1.ppc64le",
"product_id": "libpng16-16-x86-64-v3-1.6.52-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.52-1.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-1.6.52-1.1.ppc64le",
"product_id": "libpng16-compat-devel-1.6.52-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.52-1.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.52-1.1.ppc64le",
"product_id": "libpng16-compat-devel-32bit-1.6.52-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.ppc64le",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.52-1.1.ppc64le",
"product": {
"name": "libpng16-devel-1.6.52-1.1.ppc64le",
"product_id": "libpng16-devel-1.6.52-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.52-1.1.ppc64le",
"product": {
"name": "libpng16-devel-32bit-1.6.52-1.1.ppc64le",
"product_id": "libpng16-devel-32bit-1.6.52-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.52-1.1.ppc64le",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.52-1.1.ppc64le",
"product_id": "libpng16-devel-x86-64-v3-1.6.52-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.52-1.1.ppc64le",
"product": {
"name": "libpng16-tools-1.6.52-1.1.ppc64le",
"product_id": "libpng16-tools-1.6.52-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.52-1.1.s390x",
"product": {
"name": "libpng16-16-1.6.52-1.1.s390x",
"product_id": "libpng16-16-1.6.52-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.52-1.1.s390x",
"product": {
"name": "libpng16-16-32bit-1.6.52-1.1.s390x",
"product_id": "libpng16-16-32bit-1.6.52-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.52-1.1.s390x",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.52-1.1.s390x",
"product_id": "libpng16-16-x86-64-v3-1.6.52-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.52-1.1.s390x",
"product": {
"name": "libpng16-compat-devel-1.6.52-1.1.s390x",
"product_id": "libpng16-compat-devel-1.6.52-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.52-1.1.s390x",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.52-1.1.s390x",
"product_id": "libpng16-compat-devel-32bit-1.6.52-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.s390x",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.s390x",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.52-1.1.s390x",
"product": {
"name": "libpng16-devel-1.6.52-1.1.s390x",
"product_id": "libpng16-devel-1.6.52-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.52-1.1.s390x",
"product": {
"name": "libpng16-devel-32bit-1.6.52-1.1.s390x",
"product_id": "libpng16-devel-32bit-1.6.52-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.52-1.1.s390x",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.52-1.1.s390x",
"product_id": "libpng16-devel-x86-64-v3-1.6.52-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.52-1.1.s390x",
"product": {
"name": "libpng16-tools-1.6.52-1.1.s390x",
"product_id": "libpng16-tools-1.6.52-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.52-1.1.x86_64",
"product": {
"name": "libpng16-16-1.6.52-1.1.x86_64",
"product_id": "libpng16-16-1.6.52-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.52-1.1.x86_64",
"product": {
"name": "libpng16-16-32bit-1.6.52-1.1.x86_64",
"product_id": "libpng16-16-32bit-1.6.52-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.52-1.1.x86_64",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.52-1.1.x86_64",
"product_id": "libpng16-16-x86-64-v3-1.6.52-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.52-1.1.x86_64",
"product": {
"name": "libpng16-compat-devel-1.6.52-1.1.x86_64",
"product_id": "libpng16-compat-devel-1.6.52-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.52-1.1.x86_64",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.52-1.1.x86_64",
"product_id": "libpng16-compat-devel-32bit-1.6.52-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.x86_64",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.x86_64",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.52-1.1.x86_64",
"product": {
"name": "libpng16-devel-1.6.52-1.1.x86_64",
"product_id": "libpng16-devel-1.6.52-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.52-1.1.x86_64",
"product": {
"name": "libpng16-devel-32bit-1.6.52-1.1.x86_64",
"product_id": "libpng16-devel-32bit-1.6.52-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.52-1.1.x86_64",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.52-1.1.x86_64",
"product_id": "libpng16-devel-x86-64-v3-1.6.52-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.52-1.1.x86_64",
"product": {
"name": "libpng16-tools-1.6.52-1.1.x86_64",
"product_id": "libpng16-tools-1.6.52-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.52-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.aarch64"
},
"product_reference": "libpng16-16-1.6.52-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.52-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.52-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.52-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.s390x"
},
"product_reference": "libpng16-16-1.6.52-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.52-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.x86_64"
},
"product_reference": "libpng16-16-1.6.52-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.52-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.aarch64"
},
"product_reference": "libpng16-16-32bit-1.6.52-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.52-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.ppc64le"
},
"product_reference": "libpng16-16-32bit-1.6.52-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.52-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.s390x"
},
"product_reference": "libpng16-16-32bit-1.6.52-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.52-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.52-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.52-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.aarch64"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.52-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.52-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.ppc64le"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.52-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.52-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.s390x"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.52-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.52-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.x86_64"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.52-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.52-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.52-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.52-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.52-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.52-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.52-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.52-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.52-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.52-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.aarch64"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.52-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.52-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.52-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.52-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.s390x"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.52-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.52-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.x86_64"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.52-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.aarch64"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.s390x"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.x86_64"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.52-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.52-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.52-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.52-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.52-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.52-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.s390x"
},
"product_reference": "libpng16-devel-1.6.52-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.52-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.52-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.52-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.aarch64"
},
"product_reference": "libpng16-devel-32bit-1.6.52-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.52-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.ppc64le"
},
"product_reference": "libpng16-devel-32bit-1.6.52-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.52-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.s390x"
},
"product_reference": "libpng16-devel-32bit-1.6.52-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.52-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.x86_64"
},
"product_reference": "libpng16-devel-32bit-1.6.52-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.52-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.aarch64"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.52-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.52-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.ppc64le"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.52-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.52-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.s390x"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.52-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.52-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.x86_64"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.52-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.52-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.aarch64"
},
"product_reference": "libpng16-tools-1.6.52-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.52-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.ppc64le"
},
"product_reference": "libpng16-tools-1.6.52-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.52-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.s390x"
},
"product_reference": "libpng16-tools-1.6.52-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.52-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.x86_64"
},
"product_reference": "libpng16-tools-1.6.52-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-66293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66293"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66293",
"url": "https://www.suse.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "SUSE Bug 1254480 for CVE-2025-66293",
"url": "https://bugzilla.suse.com/1254480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.52-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.52-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-66293"
}
]
}
OPENSUSE-SU-2026:20017-1
Vulnerability from csaf_opensuse - Published: 2026-01-12 11:14 - Updated: 2026-01-12 11:14Summary
Security update for libpng16
Notes
Title of the patch
Security update for libpng16
Description of the patch
This update for libpng16 fixes the following issues:
- CVE-2025-64505: heap buffer over-read in `png_do_quantize` when processing PNG files malformed palette indices
(bsc#1254157).
- CVE-2025-64506: heap buffer over-read in `png_write_image_8bit` when processing 8-bit input with `convert_to_8bit`
enabled (bsc#1254158).
- CVE-2025-64720: out-of-bounds read in `png_image_read_composite` when processing palette images with
`PNG_FLAG_OPTIMIZE_ALPHA` enabled (bsc#1254159).
- CVE-2025-65018: heap buffer overflow in `png_image_finish_read` when processing specially crafted 16-bit interlaced
PNGs with 8-bit output format (bsc#1254160).
- CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial
transparency and gamma correction (bsc#1254480).
Patchnames
openSUSE-Leap-16.0-131
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libpng16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libpng16 fixes the following issues:\n\n- CVE-2025-64505: heap buffer over-read in `png_do_quantize` when processing PNG files malformed palette indices\n (bsc#1254157).\n- CVE-2025-64506: heap buffer over-read in `png_write_image_8bit` when processing 8-bit input with `convert_to_8bit`\n enabled (bsc#1254158).\n- CVE-2025-64720: out-of-bounds read in `png_image_read_composite` when processing palette images with\n `PNG_FLAG_OPTIMIZE_ALPHA` enabled (bsc#1254159).\n- CVE-2025-65018: heap buffer overflow in `png_image_finish_read` when processing specially crafted 16-bit interlaced\n PNGs with 8-bit output format (bsc#1254160).\n- CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial\n transparency and gamma correction (bsc#1254480).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-131",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20017-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1254157",
"url": "https://bugzilla.suse.com/1254157"
},
{
"category": "self",
"summary": "SUSE Bug 1254158",
"url": "https://bugzilla.suse.com/1254158"
},
{
"category": "self",
"summary": "SUSE Bug 1254159",
"url": "https://bugzilla.suse.com/1254159"
},
{
"category": "self",
"summary": "SUSE Bug 1254160",
"url": "https://bugzilla.suse.com/1254160"
},
{
"category": "self",
"summary": "SUSE Bug 1254480",
"url": "https://bugzilla.suse.com/1254480"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64505 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64720 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-65018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-65018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66293/"
}
],
"title": "Security update for libpng16",
"tracking": {
"current_release_date": "2026-01-12T11:14:46Z",
"generator": {
"date": "2026-01-12T11:14:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20017-1",
"initial_release_date": "2026-01-12T11:14:46Z",
"revision_history": [
{
"date": "2026-01-12T11:14:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.3.1.aarch64",
"product": {
"name": "libpng16-16-1.6.44-160000.3.1.aarch64",
"product_id": "libpng16-16-1.6.44-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"product": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"product_id": "libpng16-compat-devel-1.6.44-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.44-160000.3.1.aarch64",
"product": {
"name": "libpng16-devel-1.6.44-160000.3.1.aarch64",
"product_id": "libpng16-devel-1.6.44-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.44-160000.3.1.aarch64",
"product": {
"name": "libpng16-tools-1.6.44-160000.3.1.aarch64",
"product_id": "libpng16-tools-1.6.44-160000.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.3.1.ppc64le",
"product": {
"name": "libpng16-16-1.6.44-160000.3.1.ppc64le",
"product_id": "libpng16-16-1.6.44-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"product_id": "libpng16-compat-devel-1.6.44-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.44-160000.3.1.ppc64le",
"product": {
"name": "libpng16-devel-1.6.44-160000.3.1.ppc64le",
"product_id": "libpng16-devel-1.6.44-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.44-160000.3.1.ppc64le",
"product": {
"name": "libpng16-tools-1.6.44-160000.3.1.ppc64le",
"product_id": "libpng16-tools-1.6.44-160000.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.3.1.s390x",
"product": {
"name": "libpng16-16-1.6.44-160000.3.1.s390x",
"product_id": "libpng16-16-1.6.44-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"product": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"product_id": "libpng16-compat-devel-1.6.44-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.44-160000.3.1.s390x",
"product": {
"name": "libpng16-devel-1.6.44-160000.3.1.s390x",
"product_id": "libpng16-devel-1.6.44-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.44-160000.3.1.s390x",
"product": {
"name": "libpng16-tools-1.6.44-160000.3.1.s390x",
"product_id": "libpng16-tools-1.6.44-160000.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-16-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-16-1.6.44-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-compat-devel-1.6.44-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-devel-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-devel-1.6.44-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.44-160000.3.1.x86_64",
"product": {
"name": "libpng16-tools-1.6.44-160000.3.1.x86_64",
"product_id": "libpng16-tools-1.6.44-160000.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-16-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.44-160000.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.44-160000.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.3.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x"
},
"product_reference": "libpng16-devel-1.6.44-160000.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64"
},
"product_reference": "libpng16-tools-1.6.44-160000.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le"
},
"product_reference": "libpng16-tools-1.6.44-160000.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.3.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x"
},
"product_reference": "libpng16-tools-1.6.44-160000.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
},
"product_reference": "libpng16-tools-1.6.44-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64505"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64505",
"url": "https://www.suse.com/security/cve/CVE-2025-64505"
},
{
"category": "external",
"summary": "SUSE Bug 1254157 for CVE-2025-64505",
"url": "https://bugzilla.suse.com/1254157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:14:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-64505"
},
{
"cve": "CVE-2025-64506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64506"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64506",
"url": "https://www.suse.com/security/cve/CVE-2025-64506"
},
{
"category": "external",
"summary": "SUSE Bug 1254158 for CVE-2025-64506",
"url": "https://bugzilla.suse.com/1254158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:14:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-64506"
},
{
"cve": "CVE-2025-64720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64720"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha x 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64720",
"url": "https://www.suse.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "SUSE Bug 1254159 for CVE-2025-64720",
"url": "https://bugzilla.suse.com/1254159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:14:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-64720"
},
{
"cve": "CVE-2025-65018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-65018"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-65018",
"url": "https://www.suse.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "SUSE Bug 1254160 for CVE-2025-65018",
"url": "https://bugzilla.suse.com/1254160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:14:46Z",
"details": "moderate"
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66293"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66293",
"url": "https://www.suse.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "SUSE Bug 1254480 for CVE-2025-66293",
"url": "https://bugzilla.suse.com/1254480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.3.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-12T11:14:46Z",
"details": "important"
}
],
"title": "CVE-2025-66293"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…