Vulnerability-Lookup

RHSA-2026:0321

Vulnerability from csaf_redhat - Published: 2026-01-08 11:29 - Updated: 2026-01-13 22:41

Summary

Red Hat Security Advisory: libpng security update

Notes

Topic

An update for libpng is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. Security Fix(es): * libpng: LIBPNG buffer overflow (CVE-2025-64720) * libpng: LIBPNG heap buffer overflow (CVE-2025-65018) * libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for libpng is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:0321",
        "url": "https://access.redhat.com/errata/RHSA-2026:0321"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2416904",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
      },
      {
        "category": "external",
        "summary": "2416907",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
      },
      {
        "category": "external",
        "summary": "2418711",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0321.json"
      }
    ],
    "title": "Red Hat Security Advisory: libpng security update",
    "tracking": {
      "current_release_date": "2026-01-13T22:41:29+00:00",
      "generator": {
        "date": "2026-01-13T22:41:29+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.15"
        }
      },
      "id": "RHSA-2026:0321",
      "initial_release_date": "2026-01-08T11:29:49+00:00",
      "revision_history": [
        {
          "date": "2026-01-08T11:29:49+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-01-08T11:29:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-13T22:41:29+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
                  "product_id": "BaseOS-8.4.0.Z.AUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_aus:8.4::baseos"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
                  "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng-2:1.6.34-8.el8_4.1.src",
                "product": {
                  "name": "libpng-2:1.6.34-8.el8_4.1.src",
                  "product_id": "libpng-2:1.6.34-8.el8_4.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.1?arch=src\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng-2:1.6.34-8.el8_4.1.i686",
                "product": {
                  "name": "libpng-2:1.6.34-8.el8_4.1.i686",
                  "product_id": "libpng-2:1.6.34-8.el8_4.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
                "product": {
                  "name": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
                  "product_id": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
                "product": {
                  "name": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
                  "product_id": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
                "product": {
                  "name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
                  "product_id": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
                "product": {
                  "name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
                  "product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
                "product": {
                  "name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
                  "product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng-2:1.6.34-8.el8_4.1.x86_64",
                "product": {
                  "name": "libpng-2:1.6.34-8.el8_4.1.x86_64",
                  "product_id": "libpng-2:1.6.34-8.el8_4.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
                "product": {
                  "name": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
                  "product_id": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
                "product": {
                  "name": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
                  "product_id": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
                "product": {
                  "name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
                  "product_id": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
                "product": {
                  "name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
                  "product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
                "product": {
                  "name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
                  "product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686"
        },
        "product_reference": "libpng-2:1.6.34-8.el8_4.1.i686",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-2:1.6.34-8.el8_4.1.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src"
        },
        "product_reference": "libpng-2:1.6.34-8.el8_4.1.src",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64"
        },
        "product_reference": "libpng-2:1.6.34-8.el8_4.1.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686"
        },
        "product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
        },
        "product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686"
        },
        "product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64"
        },
        "product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686"
        },
        "product_reference": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64"
        },
        "product_reference": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686"
        },
        "product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
        },
        "product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686"
        },
        "product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
        },
        "product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686"
        },
        "product_reference": "libpng-2:1.6.34-8.el8_4.1.i686",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-2:1.6.34-8.el8_4.1.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src"
        },
        "product_reference": "libpng-2:1.6.34-8.el8_4.1.src",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64"
        },
        "product_reference": "libpng-2:1.6.34-8.el8_4.1.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686"
        },
        "product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
        },
        "product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686"
        },
        "product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64"
        },
        "product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686"
        },
        "product_reference": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64"
        },
        "product_reference": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686"
        },
        "product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
        },
        "product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686"
        },
        "product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
          "product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
        },
        "product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
        "relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-64720",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-11-25T00:00:54.081073+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416904"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libpng: LIBPNG buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
          "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-64720"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416904",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
          "url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/issues/686",
          "url": "https://github.com/pnggroup/libpng/issues/686"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/pull/751",
          "url": "https://github.com/pnggroup/libpng/pull/751"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
        }
      ],
      "release_date": "2025-11-24T23:45:38.315000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T11:29:49+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0321"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libpng: LIBPNG buffer overflow"
    },
    {
      "cve": "CVE-2025-65018",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-11-25T00:01:05.570152+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2416907"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libpng: LIBPNG heap buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
          "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-65018"
        },
        {
          "category": "external",
          "summary": "RHBZ#2416907",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
          "url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
          "url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/issues/755",
          "url": "https://github.com/pnggroup/libpng/issues/755"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/pull/757",
          "url": "https://github.com/pnggroup/libpng/pull/757"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
        }
      ],
      "release_date": "2025-11-24T23:50:18.294000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T11:29:49+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0321"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libpng: LIBPNG heap buffer overflow"
    },
    {
      "cve": "CVE-2025-66293",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-12-03T21:00:59.956903+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418711"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
          "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
          "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66293"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418711",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
          "url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
          "url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/issues/764",
          "url": "https://github.com/pnggroup/libpng/issues/764"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
        }
      ],
      "release_date": "2025-12-03T20:33:57.086000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-08T11:29:49+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0321"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
            "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
    }
  ]
}

CVE-2025-66293 (GCVE-0-2025-66293)

Vulnerability from cvelistv5 – Published: 2025-12-03 20:33 – Updated: 2025-12-04 01:31

Title

LIBPNG has an out-of-bounds read in png_image_read_composite

Summary

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

GitHub_M

References

URL

Tags

	https://github.com/pnggroup/libpng/security/advis…	x_refsource_CONFIRM
	https://github.com/pnggroup/libpng/issues/764	x_refsource_MISC
	https://github.com/pnggroup/libpng/commit/788a624…	x_refsource_MISC
	https://github.com/pnggroup/libpng/commit/a05a48b…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	pnggroup	libpng	Affected: < 1.6.52

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66293",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-03T20:52:13.771582Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-03T20:55:03.573Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/pnggroup/libpng/issues/764"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-12-04T01:31:47.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/12/03/6"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/12/03/7"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/12/03/8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libpng",
          "vendor": "pnggroup",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.52"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-03T20:33:57.086Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
        },
        {
          "name": "https://github.com/pnggroup/libpng/issues/764",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pnggroup/libpng/issues/764"
        },
        {
          "name": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
        },
        {
          "name": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
        }
      ],
      "source": {
        "advisory": "GHSA-9mpm-9pxh-mg4f",
        "discovery": "UNKNOWN"
      },
      "title": "LIBPNG has an out-of-bounds read in png_image_read_composite"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66293",
    "datePublished": "2025-12-03T20:33:57.086Z",
    "dateReserved": "2025-11-26T23:11:46.392Z",
    "dateUpdated": "2025-12-04T01:31:47.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-65018 (GCVE-0-2025-65018)

Vulnerability from cvelistv5 – Published: 2025-11-24 23:50 – Updated: 2025-11-25 19:29

Title

LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`

Summary

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write
CWE-122 - Heap-based Buffer Overflow

Assigner

GitHub_M

References

URL

Tags

	https://github.com/pnggroup/libpng/security/advis…	x_refsource_CONFIRM
	https://github.com/pnggroup/libpng/issues/755	x_refsource_MISC
	https://github.com/pnggroup/libpng/pull/757	x_refsource_MISC
	https://github.com/pnggroup/libpng/commit/16b5e38…	x_refsource_MISC
	https://github.com/pnggroup/libpng/commit/218612d…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	pnggroup	libpng	Affected: >= 1.6.0, < 1.6.51

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-65018",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-25T19:29:28.950712Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-25T19:29:33.633Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/pnggroup/libpng/issues/755"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libpng",
          "vendor": "pnggroup",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.6.0, \u003c 1.6.51"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-24T23:50:18.294Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
        },
        {
          "name": "https://github.com/pnggroup/libpng/issues/755",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pnggroup/libpng/issues/755"
        },
        {
          "name": "https://github.com/pnggroup/libpng/pull/757",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pnggroup/libpng/pull/757"
        },
        {
          "name": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
        },
        {
          "name": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
        }
      ],
      "source": {
        "advisory": "GHSA-7wv6-48j4-hj3g",
        "discovery": "UNKNOWN"
      },
      "title": "LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-65018",
    "datePublished": "2025-11-24T23:50:18.294Z",
    "dateReserved": "2025-11-13T15:36:51.680Z",
    "dateUpdated": "2025-11-25T19:29:33.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-64720 (GCVE-0-2025-64720)

Vulnerability from cvelistv5 – Published: 2025-11-24 23:45 – Updated: 2025-11-25 19:28

Title

LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication

Summary

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

GitHub_M

References

URL

Tags

	https://github.com/pnggroup/libpng/security/advis…	x_refsource_CONFIRM
	https://github.com/pnggroup/libpng/issues/686	x_refsource_MISC
	https://github.com/pnggroup/libpng/pull/751	x_refsource_MISC
	https://github.com/pnggroup/libpng/commit/08da33b…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	pnggroup	libpng	Affected: >= 1.6.0, < 1.6.51

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-64720",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-25T19:28:16.806638Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-25T19:28:20.336Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libpng",
          "vendor": "pnggroup",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.6.0, \u003c 1.6.51"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-24T23:45:38.315Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
        },
        {
          "name": "https://github.com/pnggroup/libpng/issues/686",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pnggroup/libpng/issues/686"
        },
        {
          "name": "https://github.com/pnggroup/libpng/pull/751",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pnggroup/libpng/pull/751"
        },
        {
          "name": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
        }
      ],
      "source": {
        "advisory": "GHSA-hfc7-ph9c-wcww",
        "discovery": "UNKNOWN"
      },
      "title": "LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-64720",
    "datePublished": "2025-11-24T23:45:38.315Z",
    "dateReserved": "2025-11-10T14:07:42.922Z",
    "dateUpdated": "2025-11-25T19:28:20.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:0321

CVE-2025-66293 (GCVE-0-2025-66293)

CVE-2025-65018 (GCVE-0-2025-65018)

CVE-2025-64720 (GCVE-0-2025-64720)

Tags

Sightings

Nomenclature