CVE-2025-65018 (GCVE-0-2025-65018)
Vulnerability from cvelistv5 – Published: 2025-11-24 23:50 – Updated: 2025-11-25 19:29
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65018",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T19:29:28.950712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T19:29:33.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/issues/755"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c 1.6.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T23:50:18.294Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
},
{
"name": "https://github.com/pnggroup/libpng/issues/755",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"name": "https://github.com/pnggroup/libpng/pull/757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"name": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"name": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
}
],
"source": {
"advisory": "GHSA-7wv6-48j4-hj3g",
"discovery": "UNKNOWN"
},
"title": "LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65018",
"datePublished": "2025-11-24T23:50:18.294Z",
"dateReserved": "2025-11-13T15:36:51.680Z",
"dateUpdated": "2025-11-25T19:29:33.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-65018\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-11-25T00:15:47.610\",\"lastModified\":\"2025-11-26T18:34:53.650\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.6.0\",\"versionEndExcluding\":\"1.6.51\",\"matchCriteriaId\":\"3545FEA5-4FFA-4955-BFDA-CC3602C9A894\"}]}]}],\"references\":[{\"url\":\"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/p
nggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pnggroup/libpng/issues/755\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/pnggroup/libpng/pull/757\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/pnggroup/libpng/issues/755\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-65018\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-25T19:29:28.950712Z\"}}}], \"references\": [{\"url\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g\", \"tags\": [\"exploit\"]}, {\"url\": \"https://github.com/pnggroup/libpng/issues/755\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-25T19:29:24.065Z\"}}], \"cna\": {\"title\": \"LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`\", \"source\": {\"advisory\": \"GHSA-7wv6-48j4-hj3g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"pnggroup\", \"product\": \"libpng\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.6.0, \u003c 1.6.51\"}]}], \"references\": [{\"url\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g\", \"name\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pnggroup/libpng/issues/755\", \"name\": \"https://github.com/pnggroup/libpng/issues/755\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/pull/757\", 
\"name\": \"https://github.com/pnggroup/libpng/pull/757\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d\", \"name\": \"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea\", \"name\": \"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787: Out-of-bounds Write\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-11-24T23:50:18.294Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-65018\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-25T19:29:33.633Z\", \"dateReserved\": \"2025-11-13T15:36:51.680Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-11-24T23:50:18.294Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:0216
Vulnerability from csaf_redhat - Published: 2026-01-07 11:23 - Updated: 2026-01-14 20:31
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0216",
"url": "https://access.redhat.com/errata/RHSA-2026:0216"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0216.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-01-14T20:31:42+00:00",
"generator": {
"date": "2026-01-14T20:31:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0216",
"initial_release_date": "2026-01-07T11:23:35+00:00",
"revision_history": [
{
"date": "2026-01-07T11:23:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T11:23:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_2.1.ppc64le",
"product": {
"name": "libpng-2:1.6.37-12.el9_2.1.ppc64le",
"product_id": "libpng-2:1.6.37-12.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_2.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_2.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_2.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_2.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_2.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"product_id": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_2.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_2.1.i686",
"product": {
"name": "libpng-2:1.6.37-12.el9_2.1.i686",
"product_id": "libpng-2:1.6.37-12.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_2.1.i686",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.i686",
"product_id": "libpng-devel-2:1.6.37-12.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_2.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_2.1.x86_64",
"product": {
"name": "libpng-2:1.6.37-12.el9_2.1.x86_64",
"product_id": "libpng-2:1.6.37-12.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"product_id": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_2.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_2.1.src",
"product": {
"name": "libpng-2:1.6.37-12.el9_2.1.src",
"product_id": "libpng-2:1.6.37-12.el9_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_2.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_2.1.aarch64",
"product": {
"name": "libpng-2:1.6.37-12.el9_2.1.aarch64",
"product_id": "libpng-2:1.6.37-12.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_2.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_2.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_2.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_2.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_2.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"product_id": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_2.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_2.1.s390x",
"product": {
"name": "libpng-2:1.6.37-12.el9_2.1.s390x",
"product_id": "libpng-2:1.6.37-12.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_2.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"product_id": "libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_2.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_2.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_2.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_2.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_2.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.src",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\nThe java-*-openjdk-headless packages do not contain libsplashscreen.so and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T11:23:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0216"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria, which comprise ease of use and deployment, applicability to a widespread installation base, and stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T11:23:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0216"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T11:23:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0216"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.src",
"BaseOS-9.2.0.Z.E4S:libpng-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_2.1.x86_64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.aarch64",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.i686",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.ppc64le",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.s390x",
"BaseOS-9.2.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0211
Vulnerability from csaf_redhat - Published: 2026-01-07 12:57 - Updated: 2026-01-14 20:31
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0211",
"url": "https://access.redhat.com/errata/RHSA-2026:0211"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0211.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-01-14T20:31:41+00:00",
"generator": {
"date": "2026-01-14T20:31:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0211",
"initial_release_date": "2026-01-07T12:57:50+00:00",
"revision_history": [
{
"date": "2026-01-07T12:57:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T12:57:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_4.1.s390x",
"product": {
"name": "libpng-2:1.6.37-12.el9_4.1.s390x",
"product_id": "libpng-2:1.6.37-12.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"product_id": "libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_4.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_4.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"product_id": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_4.1.aarch64",
"product": {
"name": "libpng-2:1.6.37-12.el9_4.1.aarch64",
"product_id": "libpng-2:1.6.37-12.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_4.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"product_id": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_4.1.ppc64le",
"product": {
"name": "libpng-2:1.6.37-12.el9_4.1.ppc64le",
"product_id": "libpng-2:1.6.37-12.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_4.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_4.1.i686",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.i686",
"product_id": "libpng-devel-2:1.6.37-12.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_4.1.i686",
"product": {
"name": "libpng-2:1.6.37-12.el9_4.1.i686",
"product_id": "libpng-2:1.6.37-12.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_4.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"product_id": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_4.1.x86_64",
"product": {
"name": "libpng-2:1.6.37-12.el9_4.1.x86_64",
"product_id": "libpng-2:1.6.37-12.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_4.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_4.1.src",
"product": {
"name": "libpng-2:1.6.37-12.el9_4.1.src",
"product_id": "libpng-2:1.6.37-12.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_4.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T12:57:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0211"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria for ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\nThe java-*-openjdk-headless packages do not contain libsplashscreen.so and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T12:57:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0211"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria for ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T12:57:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0211"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:libpng-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0212
Vulnerability from csaf_redhat - Published: 2026-01-07 09:24 - Updated: 2026-01-14 20:31
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0212",
"url": "https://access.redhat.com/errata/RHSA-2026:0212"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0212.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-01-14T20:31:42+00:00",
"generator": {
"date": "2026-01-14T20:31:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0212",
"initial_release_date": "2026-01-07T09:24:35+00:00",
"revision_history": [
{
"date": "2026-01-07T09:24:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T09:24:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_0.1.s390x",
"product": {
"name": "libpng-2:1.6.40-8.el10_0.1.s390x",
"product_id": "libpng-2:1.6.40-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"product_id": "libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_0.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"product_id": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_0.1.x86_64",
"product": {
"name": "libpng-2:1.6.40-8.el10_0.1.x86_64",
"product_id": "libpng-2:1.6.40-8.el10_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_0.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"product_id": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_0.1.aarch64",
"product": {
"name": "libpng-2:1.6.40-8.el10_0.1.aarch64",
"product_id": "libpng-2:1.6.40-8.el10_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_0.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"product_id": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_0.1.ppc64le",
"product": {
"name": "libpng-2:1.6.40-8.el10_0.1.ppc64le",
"product_id": "libpng-2:1.6.40-8.el10_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_0.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_0.1.src",
"product": {
"name": "libpng-2:1.6.40-8.el10_0.1.src",
"product_id": "libpng-2:1.6.40-8.el10_0.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_0.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.src",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"product_id": "BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"relates_to_product_reference": "BaseOS-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file and can lead to an application crash or information disclosure.\n\nThe java-*-openjdk-headless packages do not contain libsplashscreen.so, the OpenJDK library that uses libpng, and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T09:24:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0212"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\nThe java-*-openjdk-headless packages do not contain libsplashscreen.so and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T09:24:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0212"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\nThe java-*-openjdk-headless packages do not contain libsplashscreen.so and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T09:24:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0212"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"AppStream-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"AppStream-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.src",
"BaseOS-10.0.Z.E2S:libpng-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-debugsource-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-devel-debuginfo-2:1.6.40-8.el10_0.1.x86_64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.aarch64",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.ppc64le",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.s390x",
"BaseOS-10.0.Z.E2S:libpng-tools-debuginfo-2:1.6.40-8.el10_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0323
Vulnerability from csaf_redhat - Published: 2026-01-08 11:26 - Updated: 2026-01-14 20:31
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0323",
"url": "https://access.redhat.com/errata/RHSA-2026:0323"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0323.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-01-14T20:31:46+00:00",
"generator": {
"date": "2026-01-14T20:31:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0323",
"initial_release_date": "2026-01-08T11:26:24+00:00",
"revision_history": [
{
"date": "2026-01-08T11:26:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T11:26:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_2.1.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_2.1.src",
"product_id": "libpng-2:1.6.34-8.el8_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_2.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_2.1.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_2.1.i686",
"product_id": "libpng-2:1.6.34-8.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_2.1.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_2.1.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_2.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_2.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_2.1.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_2.1.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_2.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_2.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_2.1.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_2.1.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:26:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0323"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:26:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0323"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:26:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0323"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.src",
"BaseOS-8.2.0.Z.AUS:libpng-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_2.1.x86_64",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.i686",
"BaseOS-8.2.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0238
Vulnerability from csaf_redhat - Published: 2026-01-07 13:43 - Updated: 2026-01-14 20:31
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0238",
"url": "https://access.redhat.com/errata/RHSA-2026:0238"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0238.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-01-14T20:31:44+00:00",
"generator": {
"date": "2026-01-14T20:31:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0238",
"initial_release_date": "2026-01-07T13:43:11+00:00",
"revision_history": [
{
"date": "2026-01-07T13:43:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T13:43:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_7.1.s390x",
"product": {
"name": "libpng-2:1.6.37-12.el9_7.1.s390x",
"product_id": "libpng-2:1.6.37-12.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"product_id": "libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_7.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_7.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_7.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_7.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_7.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"product_id": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_7.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_7.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_7.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_7.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_7.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_7.1.aarch64",
"product": {
"name": "libpng-2:1.6.37-12.el9_7.1.aarch64",
"product_id": "libpng-2:1.6.37-12.el9_7.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"product_id": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_7.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_7.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_7.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_7.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_7.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_7.1.ppc64le",
"product": {
"name": "libpng-2:1.6.37-12.el9_7.1.ppc64le",
"product_id": "libpng-2:1.6.37-12.el9_7.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_7.1.i686",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.i686",
"product_id": "libpng-devel-2:1.6.37-12.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_7.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_7.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_7.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_7.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_7.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_7.1.i686",
"product": {
"name": "libpng-2:1.6.37-12.el9_7.1.i686",
"product_id": "libpng-2:1.6.37-12.el9_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"product_id": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_7.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_7.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_7.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_7.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_7.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_7.1.x86_64",
"product": {
"name": "libpng-2:1.6.37-12.el9_7.1.x86_64",
"product_id": "libpng-2:1.6.37-12.el9_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_7.1.src",
"product": {
"name": "libpng-2:1.6.37-12.el9_7.1.src",
"product_id": "libpng-2:1.6.37-12.el9_7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_7.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.src",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"relates_to_product_reference": "BaseOS-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:43:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0238"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so and are therefore not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:43:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0238"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:43:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0238"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"AppStream-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"AppStream-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.src",
"BaseOS-9.7.0.Z.MAIN:libpng-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.aarch64",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.i686",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.ppc64le",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.s390x",
"BaseOS-9.7.0.Z.MAIN:libpng-tools-debuginfo-2:1.6.37-12.el9_7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0210
Vulnerability from csaf_redhat - Published: 2026-01-07 13:02 - Updated: 2026-01-14 20:31
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0210",
"url": "https://access.redhat.com/errata/RHSA-2026:0210"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0210.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-01-14T20:31:44+00:00",
"generator": {
"date": "2026-01-14T20:31:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0210",
"initial_release_date": "2026-01-07T13:02:56+00:00",
"revision_history": [
{
"date": "2026-01-07T13:02:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T13:02:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_6.1.s390x",
"product": {
"name": "libpng-2:1.6.37-12.el9_6.1.s390x",
"product_id": "libpng-2:1.6.37-12.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"product_id": "libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_6.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"product_id": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_6.1.aarch64",
"product": {
"name": "libpng-2:1.6.37-12.el9_6.1.aarch64",
"product_id": "libpng-2:1.6.37-12.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_6.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"product_id": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_6.1.ppc64le",
"product": {
"name": "libpng-2:1.6.37-12.el9_6.1.ppc64le",
"product_id": "libpng-2:1.6.37-12.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_6.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_6.1.i686",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.i686",
"product_id": "libpng-devel-2:1.6.37-12.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_6.1.i686",
"product": {
"name": "libpng-2:1.6.37-12.el9_6.1.i686",
"product_id": "libpng-2:1.6.37-12.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_6.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"product_id": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_6.1.x86_64",
"product": {
"name": "libpng-2:1.6.37-12.el9_6.1.x86_64",
"product_id": "libpng-2:1.6.37-12.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_6.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_6.1.src",
"product": {
"name": "libpng-2:1.6.37-12.el9_6.1.src",
"product_id": "libpng-2:1.6.37-12.el9_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_6.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.src",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"product_id": "BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow (out-of-bounds read)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:02:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0210"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:02:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0210"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:02:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0210"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.src",
"BaseOS-9.6.0.Z.EUS:libpng-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-debugsource-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-devel-debuginfo-2:1.6.37-12.el9_6.1.x86_64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.aarch64",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.i686",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.ppc64le",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.s390x",
"BaseOS-9.6.0.Z.EUS:libpng-tools-debuginfo-2:1.6.37-12.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0414
Vulnerability from csaf_redhat - Published: 2026-01-08 22:34 - Updated: 2026-01-14 20:31
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0414",
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-5642",
"url": "https://access.redhat.com/security/cve/CVE-2024-5642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-45582",
"url": "https://access.redhat.com/security/cve/CVE-2025-45582"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4598",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59682",
"url": "https://access.redhat.com/security/cve/CVE-2025-59682"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6069",
"url": "https://access.redhat.com/security/cve/CVE-2025-6069"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6075",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61984",
"url": "https://access.redhat.com/security/cve/CVE-2025-61984"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61985",
"url": "https://access.redhat.com/security/cve/CVE-2025-61985"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64460",
"url": "https://access.redhat.com/security/cve/CVE-2025-64460"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64720",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65018",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66293",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8291",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0414.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-01-14T20:31:46+00:00",
"generator": {
"date": "2026-01-14T20:31:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0414",
"initial_release_date": "2026-01-08T22:34:17+00:00",
"revision_history": [
{
"date": "2026-01-08T22:34:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T22:34:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Ad4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767888970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767904573"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767888970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767904573"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-5642",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2294682"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Python/CPython that does not disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with a Low severity due to NPN not being widely used and specifying an empty list is likely uncommon in practice. Typically, a protocol name would be configured.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-5642"
},
{
"category": "external",
"summary": "RHBZ#2294682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"
}
],
"release_date": "2024-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used"
},
{
"cve": "CVE-2025-4598",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"discovery_date": "2025-05-29T19:04:54.578000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369242"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was rated as having a severity of Moderate due to the complexity to exploit this flaw. The attacker needs to setup a way to win the race condition and have an unprivileged local account to successfully exploit this vulnerability.\n\nBy default Red Hat Enterprise Linux 8 doesn\u0027t allow systemd-coredump to create dumps of SUID programs as the /proc/sys/fs/suid_dumpable is set to 0, disabling by default this capability.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-364: Signal Handler Race Condition vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces least functionality by enabling only essential features, services, and ports to reduce the system\u2019s attack surface. Static code analysis, peer reviews, and strong input validation detect unsafe input that could influence execution timing or path resolution. Real-time threat detection, including IPS/IDS, antimalware, and continuous monitoring, supports rapid identification of exploitation attempts. Process isolation and Kubernetes orchestration minimize the risk of concurrent execution conflicts and contain potential impacts. Executable search paths are limited to trusted, explicitly defined directories, reducing the risk of executing malicious files. Additionally, signal handling is implemented using secure development practices that mitigate asynchronous execution risks, and workloads run in environments that abstract direct signal management.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "RHBZ#2369242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/29/3",
"url": "https://www.openwall.com/lists/oss-security/2025/05/29/3"
}
],
"release_date": "2025-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "This issue can be mitigated by disabling the capability of the system to generate a coredump for SUID binaries. The perform that, the following command can be ran as `root` user:\n\n~~~\necho 0 \u003e /proc/sys/fs/suid_dumpable\n~~~\n\nWhile this mitigates this vulnerability while it\u0027s not possible to update the systemd package, it disables the capability of analyzing crashes for such binaries.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump"
},
{
"cve": "CVE-2025-6069",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2025-06-17T14:00:45.339399+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373234"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service (DoS) vulnerability has been discovered in Python\u0027s html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Python HTMLParser quadratic complexity",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-1333: Inefficient Regular Expression Complexity and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nBaseline configurations enforce secure coding practices that restrict the use of inefficient or vulnerable regular expression patterns known to cause excessive backtracking or resource consumption. Input validation routines sanitize and constrain user input before it is evaluated by regular expressions, reducing the risk of triggering regex-related performance issues. Real-time system monitoring detects abnormal CPU usage or request latency indicative of inefficient regex execution, enabling timely investigation and response.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6069"
},
{
"category": "external",
"summary": "RHBZ#2373234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949",
"url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41",
"url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b",
"url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135462",
"url": "https://github.com/python/cpython/issues/135462"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135464",
"url": "https://github.com/python/cpython/pull/135464"
}
],
"release_date": "2025-06-17T13:39:46.058000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Python HTMLParser quadratic complexity"
},
{
"cve": "CVE-2025-6075",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-31T17:01:47.052517+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408891"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in Python\u2019s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Quadratic complexity in os.path.expandvars() with user-controlled template",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low rather than Moderate because it only causes a performance inefficiency without affecting code execution, data integrity, or confidentiality. The flaw lies in the algorithmic complexity of os.path.expandvars(), which can become quadratic when processing crafted input containing repetitive or nested environment variable references. Exploitation requires the attacker to control the input string passed to this function, which is uncommon in secure applications. Moreover, the impact is limited to increased CPU utilization and potential slowdown, not system compromise or data manipulation. Since the issue does not introduce memory corruption, privilege escalation, or information disclosure risks, its overall impact scope and exploitability are minimal, justifying a Low severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "RHBZ#2408891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/136065",
"url": "https://github.com/python/cpython/issues/136065"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
}
],
"release_date": "2025-10-31T16:41:34.983000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python: Quadratic complexity in os.path.expandvars() with user-controlled template"
},
{
"cve": "CVE-2025-8291",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-10-07T19:01:23.599055+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402342"
}
],
"notes": [
{
"category": "description",
"text": "The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value, and that value would not be used to\nlocate the ZIP64 EOCD record; instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the \u0027zipfile\u0027 module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-130: Improper Handling of Length Parameter Inconsistency and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation ensures length parameters align with actual buffer or data structure sizes, preventing truncation, overflow, and memory corruption. Secure development practices, such as static code analysis and peer reviews, detect improper length handling early and enforce consistency between declared and actual sizes. At runtime, process isolation contains memory anomalies within the originating context, preventing system-wide impact. Real-time monitoring detects crashes, segmentation faults, or buffer misuse, enabling prompt investigation and remediation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "RHBZ#2402342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267",
"url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6",
"url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/139700",
"url": "https://github.com/python/cpython/issues/139700"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/139702",
"url": "https://github.com/python/cpython/pull/139702"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
}
],
"release_date": "2025-10-07T18:10:05.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-606: Unchecked Input for Loop Condition vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation controls are in place, which ensure that any input controlling loop behavior is validated against strict criteria like type, length, and range before being processed. This prevents malicious or abnormal inputs from causing excessive or infinite iterations, thereby avoiding logic errors or system overloads. Memory protection controls such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protect the system\u2019s memory from overuse or corruption if an unchecked input were to cause a loop to execute excessively. They ensure that memory is safely allocated and accessed, reducing the risks of buffer overflows, resource exhaustion, or crashes. Lastly, the implementation of security engineering principles dictates that secure coding practices, such as input validation, loop iteration limits, and error handling, are integrated during system design and development.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits on the stack size of processes at the operating system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-45582",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2025-07-11T17:00:47.340822+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379592"
}
],
"notes": [
{
"category": "description",
"text": "A relative path traversal flaw was found in the GNU tar utility. When archives with relative paths are extracted without the \u2018--keep-old-files\u2019 (\u2018-k\u2019) option, the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar: Tar path traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-24: Path Traversal: \u0027../filedir\u0027 and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nBaseline configurations enforce strict privilege levels for code execution, allowing only authorized processes to access or modify files within approved directories. Input validation sanitizes and verifies user-supplied file paths against defined patterns, blocking traversal sequences that could enable unauthorized access outside designated locations. Configuration settings further restrict directory and file system access, ensuring applications operate within approved resources and execution boundaries.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-45582"
},
{
"category": "external",
"summary": "RHBZ#2379592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379592"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582"
},
{
"category": "external",
"summary": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md",
"url": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md"
},
{
"category": "external",
"summary": "https://www.gnu.org/software/tar/",
"url": "https://www.gnu.org/software/tar/"
},
{
"category": "external",
"summary": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity",
"url": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity"
}
],
"release_date": "2025-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tar: Tar path traversal"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74",
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/1018",
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1034",
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/439133977",
"url": "https://issues.oss-fuzz.com/issues/439133977"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-59682",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-09-30T13:18:31.746000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2400450"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the \"startapp --template\" and \"startproject --template\" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "django: Potential partial directory-traversal via archive.extract()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59682"
},
{
"category": "external",
"summary": "RHBZ#2400450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59682"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682"
}
],
"release_date": "2025-10-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "django: Potential partial directory-traversal via archive.extract()"
},
{
"cve": "CVE-2025-61984",
"cwe": {
"id": "CWE-159",
"name": "Improper Handling of Invalid Use of Special Elements"
},
"discovery_date": "2025-10-06T19:01:13.449665+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401960"
}
],
"notes": [
{
"category": "description",
"text": "ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nThe issue occurs only when a ProxyCommand is configured and the SSH client handles a username containing control characters from an untrusted source, such as script-generated input or expanded configuration values.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-159: Improper Handling of Invalid Use of Special Elements.\n\nStrict input validation sanitizes user-supplied data to ensure special elements, such as control characters, escape sequences, or delimiters, are only allowed when explicitly required, preventing malformed inputs from disrupting control flow, parsing, or protocol logic. Secure development practices, including static code analysis and peer reviews, catch improper handling of special elements early in the lifecycle, reducing the risk of logic flaws and injection vectors. Additionally, robust error handling and process isolation contain the impact of malformed inputs to the originating context, avoiding system-wide disruption or data exposure. Real-time monitoring detects anomalous behavior stemming from improper input handling, enabling prompt investigation and response.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61984"
},
{
"category": "external",
"summary": "RHBZ#2401960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984"
},
{
"category": "external",
"summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"category": "external",
"summary": "https://www.openssh.com/releasenotes.html#10.1p1",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
}
],
"release_date": "2025-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand"
},
{
"cve": "CVE-2025-61985",
"cwe": {
"id": "CWE-158",
"name": "Improper Neutralization of Null Byte or NUL Character"
},
"discovery_date": "2025-10-06T19:01:16.841946+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401962"
}
],
"notes": [
{
"category": "description",
"text": "ssh in OpenSSH before 10.1 allows the \u0027\\0\u0027 character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nExploiting this vulnerability would require a specific configuration where ProxyCommand is enabled and the SSH client processes an untrusted ssh:// URI containing null bytes. Under these conditions, the command parser may misinterpret the URI and execute unintended shell commands.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-158: Improper Neutralization of Null Byte or NUL Character, and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation routines rigorously sanitize user-supplied data, ensuring special elements, such as control characters, escape sequences, or delimiters, are securely handled or rejected when not explicitly required. This prevents malformed input from disrupting control flow, altering parsing logic, or introducing injection risks. Secure development practices, including static code analysis and peer reviews, detect and remediate improper handling of special elements early in the development lifecycle. Runtime safeguards such as process isolation confine the impact of unexpected input to its execution context, preventing broader system instability or data exposure. Real-time monitoring further supports timely detection and response to anomalies or parsing errors related to special element misuse.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61985"
},
{
"category": "external",
"summary": "RHBZ#2401962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985"
},
{
"category": "external",
"summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"category": "external",
"summary": "https://www.openssh.com/releasenotes.html#10.1p1",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
}
],
"release_date": "2025-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand"
},
{
"cve": "CVE-2025-64460",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-12-02T16:01:05.300335+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. This vulnerability allows a remote attacker to potentially cause a denial of service (DoS) by exhausting Central Processing Unit (CPU) and memory resources via specially crafted Extensible Markup Language (XML) input processed by the XML Deserializer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that process XML input using Django\u0027s XML Deserializer, including Red Hat Ansible Automation Platform, Red Hat OpenStack Platform, and OpenShift Service Mesh. A remote attacker can exploit this flaw by providing specially crafted XML, leading to a denial-of-service due to CPU and memory exhaustion.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64460"
},
{
"category": "external",
"summary": "RHBZ#2418366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64460"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/",
"url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/"
}
],
"release_date": "2025-12-02T15:15:34.451000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service"
},
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. With the -c option, the glob CLI runs the shell command supplied via the \u0027-c\u0027 option over the files that match the search pattern, and it creates the subprocess for that command with the shell:true parameter, which causes shell metacharacters to be interpreted when the command runs. Because glob does not sanitize the matched filenames to remove such characters and expressions, they are interpreted as shell commands during shell expansion, leading to code execution.\n\nTo exploit this vulnerability, the targeted system must run the glob CLI over a file with a maliciously crafted filename; the attacker also needs either enough permission to create such a file or a way to trick the user into downloading and processing it with the glob CLI.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
}
]
}
RHSA-2026:0234
Vulnerability from csaf_redhat - Published: 2026-01-07 13:03 - Updated: 2026-01-14 20:31
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0234",
"url": "https://access.redhat.com/errata/RHSA-2026:0234"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0234.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-01-14T20:31:43+00:00",
"generator": {
"date": "2026-01-14T20:31:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0234",
"initial_release_date": "2026-01-07T13:03:31+00:00",
"revision_history": [
{
"date": "2026-01-07T13:03:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T13:03:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.0::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_0.1.src",
"product": {
"name": "libpng-2:1.6.37-12.el9_0.1.src",
"product_id": "libpng-2:1.6.37-12.el9_0.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_0.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_0.1.aarch64",
"product": {
"name": "libpng-2:1.6.37-12.el9_0.1.aarch64",
"product_id": "libpng-2:1.6.37-12.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_0.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"product_id": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_0.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_0.1.ppc64le",
"product": {
"name": "libpng-2:1.6.37-12.el9_0.1.ppc64le",
"product_id": "libpng-2:1.6.37-12.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_0.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"product_id": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_0.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_0.1.i686",
"product": {
"name": "libpng-2:1.6.37-12.el9_0.1.i686",
"product_id": "libpng-2:1.6.37-12.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_0.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_0.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_0.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_0.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_0.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_0.1.i686",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.i686",
"product_id": "libpng-devel-2:1.6.37-12.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_0.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_0.1.x86_64",
"product": {
"name": "libpng-2:1.6.37-12.el9_0.1.x86_64",
"product_id": "libpng-2:1.6.37-12.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_0.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"product_id": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_0.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.37-12.el9_0.1.s390x",
"product": {
"name": "libpng-2:1.6.37-12.el9_0.1.s390x",
"product_id": "libpng-2:1.6.37-12.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.37-12.el9_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"product_id": "libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.37-12.el9_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"product_id": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.37-12.el9_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.37-12.el9_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.37-12.el9_0.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.37-12.el9_0.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.src",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:03:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0234"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:03:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0234"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:03:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0234"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.src",
"BaseOS-9.0.0.Z.E4S:libpng-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-debugsource-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-devel-debuginfo-2:1.6.37-12.el9_0.1.x86_64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.aarch64",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.i686",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.ppc64le",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.s390x",
"BaseOS-9.0.0.Z.E4S:libpng-tools-debuginfo-2:1.6.37-12.el9_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0313
Vulnerability from csaf_redhat - Published: 2026-01-08 11:38 - Updated: 2026-01-14 20:31
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0313",
"url": "https://access.redhat.com/errata/RHSA-2026:0313"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0313.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-01-14T20:31:46+00:00",
"generator": {
"date": "2026-01-14T20:31:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0313",
"initial_release_date": "2026-01-08T11:38:59+00:00",
"revision_history": [
{
"date": "2026-01-08T11:38:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T11:38:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.8::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.1.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.1.src",
"product_id": "libpng-2:1.6.34-8.el8_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.1.ppc64le",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.1.ppc64le",
"product_id": "libpng-2:1.6.34-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"product_id": "libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_8.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_8.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_8.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_8.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_8.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.1.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.1.i686",
"product_id": "libpng-2:1.6.34-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_8.1.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_8.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_8.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_8.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_8.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_8.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.1.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.1.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_8.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_8.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_8.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_8.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_8.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:38:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:38:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:38:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.1.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0237
Vulnerability from csaf_redhat - Published: 2026-01-07 13:29 - Updated: 2026-01-14 20:31
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0237",
"url": "https://access.redhat.com/errata/RHSA-2026:0237"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0237.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-01-14T20:31:43+00:00",
"generator": {
"date": "2026-01-14T20:31:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0237",
"initial_release_date": "2026-01-07T13:29:16+00:00",
"revision_history": [
{
"date": "2026-01-07T13:29:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T13:29:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_1.1.s390x",
"product": {
"name": "libpng-2:1.6.40-8.el10_1.1.s390x",
"product_id": "libpng-2:1.6.40-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_1.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"product_id": "libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_1.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_1.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_1.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_1.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_1.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"product_id": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_1.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_1.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_1.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_1.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_1.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_1.1.aarch64",
"product": {
"name": "libpng-2:1.6.40-8.el10_1.1.aarch64",
"product_id": "libpng-2:1.6.40-8.el10_1.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_1.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"product_id": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_1.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_1.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_1.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_1.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_1.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_1.1.ppc64le",
"product": {
"name": "libpng-2:1.6.40-8.el10_1.1.ppc64le",
"product_id": "libpng-2:1.6.40-8.el10_1.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_1.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"product_id": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.40-8.el10_1.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.40-8.el10_1.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.40-8.el10_1.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.40-8.el10_1.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.40-8.el10_1.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_1.1.x86_64",
"product": {
"name": "libpng-2:1.6.40-8.el10_1.1.x86_64",
"product_id": "libpng-2:1.6.40-8.el10_1.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_1.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.40-8.el10_1.1.src",
"product": {
"name": "libpng-2:1.6.40-8.el10_1.1.src",
"product_id": "libpng-2:1.6.40-8.el10_1.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.40-8.el10_1.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.src",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"relates_to_product_reference": "BaseOS-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
"product_id": "BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"relates_to_product_reference": "BaseOS-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:29:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0237"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:29:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0237"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T13:29:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0237"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"AppStream-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"AppStream-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.src",
"BaseOS-10.1.Z:libpng-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-debugsource-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-devel-debuginfo-2:1.6.40-8.el10_1.1.x86_64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.aarch64",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.ppc64le",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.s390x",
"BaseOS-10.1.Z:libpng-tools-debuginfo-2:1.6.40-8.el10_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0322
Vulnerability from csaf_redhat - Published: 2026-01-08 12:09 - Updated: 2026-01-14 20:31
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0322",
"url": "https://access.redhat.com/errata/RHSA-2026:0322"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0322.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-01-14T20:31:46+00:00",
"generator": {
"date": "2026-01-14T20:31:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0322",
"initial_release_date": "2026-01-08T12:09:44+00:00",
"revision_history": [
{
"date": "2026-01-08T12:09:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T12:09:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.1.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.1.src",
"product_id": "libpng-2:1.6.34-8.el8_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.1.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.1.i686",
"product_id": "libpng-2:1.6.34-8.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.1.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.1.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.1.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.1.aarch64",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.1.aarch64",
"product_id": "libpng-2:1.6.34-8.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.1?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.1?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.1.ppc64le",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.1.ppc64le",
"product_id": "libpng-2:1.6.34-8.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.1?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.1?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.1.s390x",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.1.s390x",
"product_id": "libpng-2:1.6.34-8.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.1?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.1?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T12:09:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0322"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T12:09:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0322"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T12:09:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0322"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.1.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0241
Vulnerability from csaf_redhat - Published: 2026-01-07 14:21 - Updated: 2026-01-14 20:31
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0241",
"url": "https://access.redhat.com/errata/RHSA-2026:0241"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0241.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-01-14T20:31:44+00:00",
"generator": {
"date": "2026-01-14T20:31:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0241",
"initial_release_date": "2026-01-07T14:21:46+00:00",
"revision_history": [
{
"date": "2026-01-07T14:21:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-07T14:21:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-9.el8_10.src",
"product": {
"name": "libpng-2:1.6.34-9.el8_10.src",
"product_id": "libpng-2:1.6.34-9.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-9.el8_10?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-9.el8_10.aarch64",
"product": {
"name": "libpng-2:1.6.34-9.el8_10.aarch64",
"product_id": "libpng-2:1.6.34-9.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-9.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-9.el8_10.aarch64",
"product": {
"name": "libpng-devel-2:1.6.34-9.el8_10.aarch64",
"product_id": "libpng-devel-2:1.6.34-9.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-9.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"product_id": "libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-9.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product_id": "libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-9.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-9.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-9.el8_10?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-9.el8_10.ppc64le",
"product": {
"name": "libpng-2:1.6.34-9.el8_10.ppc64le",
"product_id": "libpng-2:1.6.34-9.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-9.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"product_id": "libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-9.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"product_id": "libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-9.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-9.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-9.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-9.el8_10?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-9.el8_10.i686",
"product": {
"name": "libpng-2:1.6.34-9.el8_10.i686",
"product_id": "libpng-2:1.6.34-9.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-9.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-9.el8_10.i686",
"product": {
"name": "libpng-devel-2:1.6.34-9.el8_10.i686",
"product_id": "libpng-devel-2:1.6.34-9.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-9.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-9.el8_10.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.i686",
"product_id": "libpng-debugsource-2:1.6.34-9.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-9.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"product_id": "libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-9.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-9.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-9.el8_10?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-9.el8_10.x86_64",
"product": {
"name": "libpng-2:1.6.34-9.el8_10.x86_64",
"product_id": "libpng-2:1.6.34-9.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-9.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-9.el8_10.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-9.el8_10.x86_64",
"product_id": "libpng-devel-2:1.6.34-9.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-9.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-9.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-9.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-9.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-9.el8_10?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-9.el8_10.s390x",
"product": {
"name": "libpng-2:1.6.34-9.el8_10.s390x",
"product_id": "libpng-2:1.6.34-9.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-9.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-9.el8_10.s390x",
"product": {
"name": "libpng-devel-2:1.6.34-9.el8_10.s390x",
"product_id": "libpng-devel-2:1.6.34-9.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-9.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"product_id": "libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-9.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"product_id": "libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-9.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-9.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-9.el8_10?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-9.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64"
},
"product_reference": "libpng-2:1.6.34-9.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-9.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686"
},
"product_reference": "libpng-2:1.6.34-9.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-9.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le"
},
"product_reference": "libpng-2:1.6.34-9.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-9.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x"
},
"product_reference": "libpng-2:1.6.34-9.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-9.el8_10.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src"
},
"product_reference": "libpng-2:1.6.34-9.el8_10.src",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-9.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64"
},
"product_reference": "libpng-2:1.6.34-9.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-9.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-9.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-9.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-9.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64"
},
"product_reference": "libpng-devel-2:1.6.34-9.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-9.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686"
},
"product_reference": "libpng-devel-2:1.6.34-9.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-9.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-9.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x"
},
"product_reference": "libpng-devel-2:1.6.34-9.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-9.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-9.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T14:21:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0241"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T14:21:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0241"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-07T14:21:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0241"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-9.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0321
Vulnerability from csaf_redhat - Published: 2026-01-08 11:29 - Updated: 2026-01-14 20:31
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0321",
"url": "https://access.redhat.com/errata/RHSA-2026:0321"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0321.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-01-14T20:31:46+00:00",
"generator": {
"date": "2026-01-14T20:31:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0321",
"initial_release_date": "2026-01-08T11:29:49+00:00",
"revision_history": [
{
"date": "2026-01-08T11:29:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T11:29:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_4.1.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_4.1.src",
"product_id": "libpng-2:1.6.34-8.el8_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.1?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_4.1.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_4.1.i686",
"product_id": "libpng-2:1.6.34-8.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_4.1?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_4.1.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_4.1.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_4.1?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.1.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.1.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.1.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.1.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:29:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0321"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:29:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0321"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T11:29:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0321"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.1.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
RHSA-2026:0125
Vulnerability from csaf_redhat - Published: 2026-01-06 11:25 - Updated: 2026-01-14 20:31
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for mingw-libpng is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "MinGW Windows Libpng library.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG buffer overflow (CVE-2025-64720)\n\n* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)\n\n* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0125",
"url": "https://access.redhat.com/errata/RHSA-2026:0125"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0125.json"
}
],
"title": "Red Hat Security Advisory: mingw-libpng security update",
"tracking": {
"current_release_date": "2026-01-14T20:31:44+00:00",
"generator": {
"date": "2026-01-14T20:31:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0125",
"initial_release_date": "2026-01-06T11:25:54+00:00",
"revision_history": [
{
"date": "2026-01-06T11:25:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-06T11:25:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-14T20:31:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "mingw-libpng-0:1.6.34-1.el8_10.src",
"product": {
"name": "mingw-libpng-0:1.6.34-1.el8_10.src",
"product_id": "mingw-libpng-0:1.6.34-1.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw-libpng@1.6.34-1.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"product": {
"name": "mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"product_id": "mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-libpng@1.6.34-1.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"product": {
"name": "mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"product_id": "mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-libpng-static@1.6.34-1.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"product": {
"name": "mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"product_id": "mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw64-libpng@1.6.34-1.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw64-libpng-static-0:1.6.34-1.el8_10.noarch",
"product": {
"name": "mingw64-libpng-static-0:1.6.34-1.el8_10.noarch",
"product_id": "mingw64-libpng-static-0:1.6.34-1.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw64-libpng-static@1.6.34-1.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"product": {
"name": "mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"product_id": "mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-libpng-debuginfo@1.6.34-1.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"product": {
"name": "mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"product_id": "mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw64-libpng-debuginfo@1.6.34-1.el8_10?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw-libpng-0:1.6.34-1.el8_10.src as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src"
},
"product_reference": "mingw-libpng-0:1.6.34-1.el8_10.src",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libpng-0:1.6.34-1.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch"
},
"product_reference": "mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch"
},
"product_reference": "mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libpng-static-0:1.6.34-1.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch"
},
"product_reference": "mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw64-libpng-0:1.6.34-1.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch"
},
"product_reference": "mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch"
},
"product_reference": "mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw64-libpng-static-0:1.6.34-1.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
},
"product_reference": "mingw64-libpng-static-0:1.6.34-1.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-06T11:25:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-06T11:25:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it affects libpng, a widely used library for processing PNG images. An out-of-bounds read can occur in libpng\u0027s simplified API when handling specially crafted PNG images with partial transparency and gamma correction. This could lead to information disclosure or application crashes in software that processes untrusted PNG files using affected versions of libpng.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-06T11:25:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0125"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-1.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-1.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-1.el8_10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
}
]
}
MSRC_CVE-2025-65018
Vulnerability from csaf_microsoft - Published: 2025-11-02 00:00 - Updated: 2025-12-02 01:40
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65018 LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-65018.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`",
"tracking": {
"current_release_date": "2025-12-02T01:40:36.000Z",
"generator": {
"date": "2025-12-03T22:59:15.055Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-65018",
"initial_release_date": "2025-11-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-11-27T01:03:43.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-12-02T01:40:36.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 libpng 1.6.40-1",
"product": {
"name": "\u003cazl3 libpng 1.6.40-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 libpng 1.6.40-1",
"product": {
"name": "azl3 libpng 1.6.40-1",
"product_id": "20674"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 libpng 1.6.39-1",
"product": {
"name": "\u003ccbl2 libpng 1.6.39-1",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "cbl2 libpng 1.6.39-1",
"product": {
"name": "cbl2 libpng 1.6.39-1",
"product_id": "18435"
}
}
],
"category": "product_name",
"name": "libpng"
},
{
"category": "product_name",
"name": "azl3 qtbase 6.6.3-4",
"product": {
"name": "azl3 qtbase 6.6.3-4",
"product_id": "4"
}
},
{
"category": "product_name",
"name": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "azl3 tensorflow 2.16.1-9",
"product_id": "6"
}
},
{
"category": "product_name",
"name": "cbl2 qt5-qtbase 5.12.11-18",
"product": {
"name": "cbl2 qt5-qtbase 5.12.11-18",
"product_id": "2"
}
},
{
"category": "product_name",
"name": "cbl2 tensorflow 2.11.1-2",
"product": {
"name": "cbl2 tensorflow 2.11.1-2",
"product_id": "3"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libpng 1.6.40-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libpng 1.6.40-1 as a component of Azure Linux 3.0",
"product_id": "20674-17084"
},
"product_reference": "20674",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 qtbase 6.6.3-4 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 libpng 1.6.39-1 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libpng 1.6.39-1 as a component of CBL Mariner 2.0",
"product_id": "18435-17086"
},
"product_reference": "18435",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 qt5-qtbase 5.12.11-18 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 tensorflow 2.11.1-2 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-4",
"17084-6",
"17086-2",
"17086-3"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20674-17084",
"18435-17086"
],
"known_affected": [
"17084-1",
"17086-5"
],
"known_not_affected": [
"17084-4",
"17084-6",
"17086-2",
"17086-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65018 LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-65018.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-27T01:03:43.000Z",
"details": "1.6.51-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1",
"17086-5"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"17084-1",
"17086-5"
]
}
],
"title": "LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`"
}
]
}
CERTFR-2026-AVI-0014
Vulnerability from certfr_avis - Published: 2026-01-08 - Updated: 2026-01-08
De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| GitLab | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions antérieures à 18.5.5 |
| GitLab | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.6.x antérieures à 18.6.3 |
| GitLab | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.7.x antérieures à 18.7.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 18.5.5",
"product": {
"name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.6.x ant\u00e9rieures \u00e0 18.6.3",
"product": {
"name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.7.x ant\u00e9rieures \u00e0 18.7.1",
"product": {
"name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-9222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9222"
},
{
"name": "CVE-2025-11246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11246"
},
{
"name": "CVE-2025-10569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10569"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-3950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3950"
},
{
"name": "CVE-2025-13772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13772"
},
{
"name": "CVE-2025-13781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13781"
},
{
"name": "CVE-2025-13761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13761"
}
],
"initial_release_date": "2026-01-08T00:00:00",
"last_revision_date": "2026-01-08T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0014",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": "2026-01-07",
"title": "Bulletin de s\u00e9curit\u00e9 GitLab",
"url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/"
}
]
}
CERTFR-2026-AVI-0014
Vulnerability from certfr_avis - Published: 2026-01-08 - Updated: 2026-01-08
De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
## Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| GitLab | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions antérieures à 18.5.5 |
| GitLab | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.6.x antérieures à 18.6.3 |
| GitLab | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) | GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.7.x antérieures à 18.7.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions ant\u00e9rieures \u00e0 18.5.5",
"product": {
"name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.6.x ant\u00e9rieures \u00e0 18.6.3",
"product": {
"name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
"vendor": {
"name": "GitLab",
"scada": false
}
}
},
{
"description": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 18.7.x ant\u00e9rieures \u00e0 18.7.1",
"product": {
"name": "GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE)",
"vendor": {
"name": "GitLab",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-9222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9222"
},
{
"name": "CVE-2025-11246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11246"
},
{
"name": "CVE-2025-10569",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10569"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-3950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3950"
},
{
"name": "CVE-2025-13772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13772"
},
{
"name": "CVE-2025-13781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13781"
},
{
"name": "CVE-2025-13761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13761"
}
],
"initial_release_date": "2026-01-08T00:00:00",
"last_revision_date": "2026-01-08T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0014",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GitLab. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GitLab",
"vendor_advisories": [
{
"published_at": "2026-01-07",
"title": "Bulletin de s\u00e9curit\u00e9 GitLab",
"url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/"
}
]
}
CERTFR-2025-AVI-1064
Vulnerability from certfr_avis - Published: 2025-12-04 - Updated: 2025-12-04
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
## Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Note : dans les descriptions ci-dessous, les préfixes « cbl2 » et « azl3 » désignent les distributions Linux de Microsoft CBL-Mariner 2.0 et Azure Linux 3.0 ; les paquets listés sont des composants livrés dans ces distributions.

| Vendor | Product | Description |
|---|---|---|
| Microsoft | N/A | cbl2 cups 2.3.3op2-10 |
| Microsoft | N/A | cbl2 grub2 2.06-15 |
| Microsoft | N/A | cbl2 nodejs18 18.20.3-9 |
| Microsoft | N/A | cbl2 fluent-bit versions antérieures à 3.0.6-5 |
| Microsoft | N/A | azl3 kernel versions antérieures à 6.6.117.1-1 |
| Microsoft | N/A | azl3 kubevirt 1.5.0-5 |
| Microsoft | N/A | cbl2 python-tensorboard 2.11.0-3 |
| Microsoft | N/A | azl3 nodejs 20.14.0-9 |
| Microsoft | N/A | azl3 glib versions antérieures à 2.78.6-5 |
| Microsoft | N/A | azl3 grub2 2.06-25 |
| Microsoft | N/A | azl3 libxslt 1.1.43-1 |
| Microsoft | N/A | azl3 expat 2.6.4-2 |
| Microsoft | N/A | azl3 python-tensorboard 2.16.2-6 |
| Microsoft | N/A | cbl2 rsync versions antérieures à 3.4.1-2 |
| Microsoft | N/A | cbl2 libxslt 1.1.34-8 |
| Microsoft | N/A | azl3 cups 2.4.13-1 |
| Microsoft | N/A | cbl2 haproxy versions antérieures à 2.4.24-2 |
| Microsoft | N/A | cbl2 kernel 5.15.186.1-1 |
| Microsoft | N/A | azl3 libpng versions antérieures à 1.6.51-1 |
| Microsoft | N/A | azl3 haproxy versions antérieures à 2.9.11-4 |
| Microsoft | N/A | azl3 tensorflow 2.16.1-9 |
| Microsoft | N/A | azl3 fluent-bit 3.1.9-6 |
| Microsoft | N/A | azl3 rsync versions antérieures à 3.4.1-2 |
| Microsoft | N/A | azl3 keras 3.3.3-5 |
| Microsoft | N/A | cbl2 libpng versions antérieures à 1.6.51-1 |
| Microsoft | N/A | cbl2 glib versions antérieures à 2.71.0-8 |
| Microsoft | N/A | cbl2 kubevirt versions antérieures à 0.59.0-31 |
| Microsoft | N/A | azl3 libvirt versions antérieures à 10.0.0-6 |
| Microsoft | N/A | cbl2 reaper 3.1.1-19 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 cups 2.3.3op2-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 grub2 2.06-15",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 nodejs18 18.20.3-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 fluent-bit versions ant\u00e9rieures \u00e0 3.0.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel versions ant\u00e9rieures \u00e0 6.6.117.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kubevirt 1.5.0-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nodejs 20.14.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 glib versions ant\u00e9rieures \u00e0 2.78.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 grub2 2.06-25",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libxslt 1.1.43-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 expat 2.6.4-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libxslt 1.1.34-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 cups 2.4.13-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 haproxy versions ant\u00e9rieures \u00e0 2.4.24-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kernel 5.15.186.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 haproxy versions ant\u00e9rieures \u00e0 2.9.11-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 fluent-bit 3.1.9-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 glib versions ant\u00e9rieures \u00e0 2.71.0-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kubevirt versions ant\u00e9rieures \u00e0 0.59.0-31",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libvirt versions ant\u00e9rieures \u00e0 10.0.0-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 reaper 3.1.1-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2025-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
},
{
"name": "CVE-2025-13193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13193"
},
{
"name": "CVE-2025-54770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54770"
},
{
"name": "CVE-2025-61915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61915"
},
{
"name": "CVE-2025-61662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61662"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-12977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12977"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-61663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61663"
},
{
"name": "CVE-2025-66382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"name": "CVE-2025-12970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12970"
},
{
"name": "CVE-2025-12638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12638"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-38656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38656"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-40210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40210"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-64704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64704"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-64713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64713"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2025-13230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-54771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54771"
},
{
"name": "CVE-2025-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40211"
},
{
"name": "CVE-2025-13227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
},
{
"name": "CVE-2025-64324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64324"
},
{
"name": "CVE-2025-12969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12969"
},
{
"name": "CVE-2025-11230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11230"
},
{
"name": "CVE-2025-61661",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61661"
},
{
"name": "CVE-2022-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50233"
},
{
"name": "CVE-2025-61664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61664"
}
],
"initial_release_date": "2025-12-04T00:00:00",
"last_revision_date": "2025-12-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1064",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61661",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61661"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13230"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40210",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40210"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13227"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61915",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61915"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64720",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64720"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12816",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12816"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64704",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64704"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54770",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54770"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11731",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11731"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66221"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13601",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13601"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64713",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64713"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65018",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65018"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66030",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66030"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40211",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40211"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50233"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66382",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61664",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61664"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58436",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13193",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13193"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61662",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61662"
},
{
"published_at": "2025-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-38656",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11230"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54771",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54771"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13226",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13226"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12638",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12638"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12970",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12970"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66031",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66031"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12977",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12977"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61663",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61663"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12969",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12969"
},
{
"published_at": "2025-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64324"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64506",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64506"
},
{
"published_at": "2025-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-10158",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10158"
},
{
"published_at": "2025-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64505",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64505"
}
]
}
CERTFR-2025-AVI-1064
Vulnerability from certfr_avis - Published: 2025-12-04 - Updated: 2025-12-04
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
## Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Note : dans les descriptions ci-dessous, les préfixes « cbl2 » et « azl3 » désignent les distributions Linux de Microsoft CBL-Mariner 2.0 et Azure Linux 3.0 ; les paquets listés sont des composants livrés dans ces distributions.

| Vendor | Product | Description |
|---|---|---|
| Microsoft | N/A | cbl2 cups 2.3.3op2-10 |
| Microsoft | N/A | cbl2 grub2 2.06-15 |
| Microsoft | N/A | cbl2 nodejs18 18.20.3-9 |
| Microsoft | N/A | cbl2 fluent-bit versions antérieures à 3.0.6-5 |
| Microsoft | N/A | azl3 kernel versions antérieures à 6.6.117.1-1 |
| Microsoft | N/A | azl3 kubevirt 1.5.0-5 |
| Microsoft | N/A | cbl2 python-tensorboard 2.11.0-3 |
| Microsoft | N/A | azl3 nodejs 20.14.0-9 |
| Microsoft | N/A | azl3 glib versions antérieures à 2.78.6-5 |
| Microsoft | N/A | azl3 grub2 2.06-25 |
| Microsoft | N/A | azl3 libxslt 1.1.43-1 |
| Microsoft | N/A | azl3 expat 2.6.4-2 |
| Microsoft | N/A | azl3 python-tensorboard 2.16.2-6 |
| Microsoft | N/A | cbl2 rsync versions antérieures à 3.4.1-2 |
| Microsoft | N/A | cbl2 libxslt 1.1.34-8 |
| Microsoft | N/A | azl3 cups 2.4.13-1 |
| Microsoft | N/A | cbl2 haproxy versions antérieures à 2.4.24-2 |
| Microsoft | N/A | cbl2 kernel 5.15.186.1-1 |
| Microsoft | N/A | azl3 libpng versions antérieures à 1.6.51-1 |
| Microsoft | N/A | azl3 haproxy versions antérieures à 2.9.11-4 |
| Microsoft | N/A | azl3 tensorflow 2.16.1-9 |
| Microsoft | N/A | azl3 fluent-bit 3.1.9-6 |
| Microsoft | N/A | azl3 rsync versions antérieures à 3.4.1-2 |
| Microsoft | N/A | azl3 keras 3.3.3-5 |
| Microsoft | N/A | cbl2 libpng versions antérieures à 1.6.51-1 |
| Microsoft | N/A | cbl2 glib versions antérieures à 2.71.0-8 |
| Microsoft | N/A | cbl2 kubevirt versions antérieures à 0.59.0-31 |
| Microsoft | N/A | azl3 libvirt versions antérieures à 10.0.0-6 |
| Microsoft | N/A | cbl2 reaper 3.1.1-19 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 cups 2.3.3op2-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 grub2 2.06-15",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 nodejs18 18.20.3-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 fluent-bit versions ant\u00e9rieures \u00e0 3.0.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel versions ant\u00e9rieures \u00e0 6.6.117.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kubevirt 1.5.0-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nodejs 20.14.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 glib versions ant\u00e9rieures \u00e0 2.78.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 grub2 2.06-25",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libxslt 1.1.43-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 expat 2.6.4-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libxslt 1.1.34-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 cups 2.4.13-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 haproxy versions ant\u00e9rieures \u00e0 2.4.24-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kernel 5.15.186.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 haproxy versions ant\u00e9rieures \u00e0 2.9.11-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 fluent-bit 3.1.9-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 glib versions ant\u00e9rieures \u00e0 2.71.0-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kubevirt versions ant\u00e9rieures \u00e0 0.59.0-31",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libvirt versions ant\u00e9rieures \u00e0 10.0.0-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 reaper 3.1.1-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2025-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
},
{
"name": "CVE-2025-13193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13193"
},
{
"name": "CVE-2025-54770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54770"
},
{
"name": "CVE-2025-61915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61915"
},
{
"name": "CVE-2025-61662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61662"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-12977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12977"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-61663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61663"
},
{
"name": "CVE-2025-66382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"name": "CVE-2025-12970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12970"
},
{
"name": "CVE-2025-12638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12638"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-38656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38656"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-40210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40210"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-64704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64704"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-64713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64713"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2025-13230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-54771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54771"
},
{
"name": "CVE-2025-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40211"
},
{
"name": "CVE-2025-13227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
},
{
"name": "CVE-2025-64324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64324"
},
{
"name": "CVE-2025-12969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12969"
},
{
"name": "CVE-2025-11230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11230"
},
{
"name": "CVE-2025-61661",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61661"
},
{
"name": "CVE-2022-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50233"
},
{
"name": "CVE-2025-61664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61664"
}
],
"initial_release_date": "2025-12-04T00:00:00",
"last_revision_date": "2025-12-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1064",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61661",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61661"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13230"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40210",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40210"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13227"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61915",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61915"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64720",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64720"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12816",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12816"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64704",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64704"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54770",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54770"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11731",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11731"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66221"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13601",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13601"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64713",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64713"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65018",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65018"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66030",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66030"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40211",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40211"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50233"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66382",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61664",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61664"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58436",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13193",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13193"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61662",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61662"
},
{
"published_at": "2025-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-38656",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11230"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54771",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54771"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13226",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13226"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12638",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12638"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12970",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12970"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66031",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66031"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12977",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12977"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61663",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61663"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12969",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12969"
},
{
"published_at": "2025-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64324"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64506",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64506"
},
{
"published_at": "2025-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-10158",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10158"
},
{
"published_at": "2025-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64505",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64505"
}
]
}
WID-SEC-W-2025-2663
Vulnerability from csaf_certbund - Published: 2025-11-23 23:00 - Updated: 2026-01-07 23:00
Notes
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die libpng ist die offizielle Referenzbibliothek f\u00fcr die Darstellung und Manipulation von Bildern im Portable Network Graphics (PNG) Format.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libpng ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2663 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2663.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2663 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2663"
},
{
"category": "external",
"summary": "libpng Release 1.6.51 vom 2025-11-23",
"url": "https://github.com/pnggroup/libpng/releases/tag/v1.6.51"
},
{
"category": "external",
"summary": "oss-sec mailing list archives vom 2025-11-23",
"url": "https://seclists.org/oss-sec/2025/q4/204"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-4952-h5wq-4m42 vom 2025-11-23",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-QPR4-XM66-HWW6 vom 2025-11-23",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-HFC7-PH9C-WCWW vom 2025-11-23",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-7WV6-48J4-HJ3G vom 2025-11-23",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
},
{
"category": "external",
"summary": "PoC CVE-2025-65018 vom 2025-11-23",
"url": "https://github.com/Neo-Neo6/CVE-2025-65018-Heap-buffer-overflow-in-libpng-ps4-ps5-"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202511-06 vom 2025-11-26",
"url": "https://security.gentoo.org/glsa/202511-06"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4396 vom 2025-12-07",
"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00007.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15797-1 vom 2025-12-05",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6VHJB7BZAUFZBE64B7ADJSGFVT67JY7Q/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3091 vom 2025-12-08",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3091.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2FIREFOX-2025-048 vom 2025-12-08",
"url": "https://alas.aws.amazon.com/AL2/ALAS2FIREFOX-2025-048.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6076 vom 2025-12-10",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00242.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7924-1 vom 2025-12-11",
"url": "https://ubuntu.com/security/notices/USN-7924-1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-DA6D092209 vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-da6d092209"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-DBD70402F4 vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-dbd70402f4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4383-1 vom 2025-12-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023535.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4432-1 vom 2025-12-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023583.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4436-1 vom 2025-12-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023579.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21220-1 vom 2025-12-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023591.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21217-1 vom 2025-12-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023593.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4494-1 vom 2025-12-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZIBH6F5GJDUMZIKK5ICPKWLWOR4CCVQK/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4533-1 vom 2025-12-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023661.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3113 vom 2026-01-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3113.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3112 vom 2026-01-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3112.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0125 vom 2026-01-06",
"url": "https://access.redhat.com/errata/RHSA-2026:0125"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0212 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0212"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:0125 vom 2026-01-07",
"url": "https://errata.build.resf.org/RLSA-2026:0125"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0216 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0216"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0211 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0211"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0241 vom 2026-01-08",
"url": "https://linux.oracle.com/errata/ELSA-2026-0241.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0234 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0234"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0238 vom 2026-01-07",
"url": "https://linux.oracle.com/errata/ELSA-2026-0238.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0241 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0241"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0237 vom 2026-01-07",
"url": "https://linux.oracle.com/errata/ELSA-2026-0237.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0125 vom 2026-01-08",
"url": "https://linux.oracle.com/errata/ELSA-2026-0125.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0237 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0237"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0251 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0251"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0210 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0210"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0238 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0238"
},
{
"category": "external",
"summary": "PoC auf GitHub vom 2026-01-07",
"url": "https://github.com/dantsco/CVE-2025-64720-PoC"
},
{
"category": "external",
"summary": "GitLab Patch Release: 18.7.1, 18.6.3, 18.5.5",
"url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/"
}
],
"source_lang": "en-US",
"title": "libpng: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-07T23:00:00.000+00:00",
"generator": {
"date": "2026-01-08T08:50:24.092+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2663",
"initial_release_date": "2025-11-23T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-23T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-24T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-199236, EUVD-2025-199237, EUVD-2025-199238, EUVD-2025-199239"
},
{
"date": "2025-11-25T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2025-12-07T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian und openSUSE aufgenommen"
},
{
"date": "2025-12-08T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-12-09T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Fedora und SUSE aufgenommen"
},
{
"date": "2025-12-17T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-18T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-21T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-29T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-05T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-01-06T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-07T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat und Oracle Linux und PoC aufgenommen"
}
],
"status": "final",
"version": "15"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c18.7.1",
"product": {
"name": "Open Source GitLab \u003c18.7.1",
"product_id": "T049757"
}
},
{
"category": "product_version",
"name": "18.7.1",
"product": {
"name": "Open Source GitLab 18.7.1",
"product_id": "T049757-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:18.7.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.6.3",
"product": {
"name": "Open Source GitLab \u003c18.6.3",
"product_id": "T049758"
}
},
{
"category": "product_version",
"name": "18.6.3",
"product": {
"name": "Open Source GitLab 18.6.3",
"product_id": "T049758-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:18.6.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.5.5",
"product": {
"name": "Open Source GitLab \u003c18.5.5",
"product_id": "T049759"
}
},
{
"category": "product_version",
"name": "18.5.5",
"product": {
"name": "Open Source GitLab 18.5.5",
"product_id": "T049759-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:18.5.5"
}
}
}
],
"category": "product_name",
"name": "GitLab"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.6.51",
"product": {
"name": "Open Source libpng \u003c1.6.51",
"product_id": "T048833"
}
},
{
"category": "product_version",
"name": "1.6.51",
"product": {
"name": "Open Source libpng 1.6.51",
"product_id": "T048833-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:libpng:libpng:1.6.51"
}
}
}
],
"category": "product_name",
"name": "libpng"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64505",
"product_status": {
"known_affected": [
"67646",
"T012167",
"T004914",
"T032255",
"74185",
"T049759",
"T049758",
"T048833",
"T049757",
"2951",
"T002207",
"T000126",
"T027843",
"398363"
]
},
"release_date": "2025-11-23T23:00:00.000+00:00",
"title": "CVE-2025-64505"
},
{
"cve": "CVE-2025-64506",
"product_status": {
"known_affected": [
"67646",
"T012167",
"T004914",
"T032255",
"74185",
"T049759",
"T049758",
"T048833",
"T049757",
"2951",
"T002207",
"T000126",
"T027843",
"398363"
]
},
"release_date": "2025-11-23T23:00:00.000+00:00",
"title": "CVE-2025-64506"
},
{
"cve": "CVE-2025-64720",
"product_status": {
"known_affected": [
"67646",
"T012167",
"T004914",
"T032255",
"74185",
"T049759",
"T049758",
"T048833",
"T049757",
"2951",
"T002207",
"T000126",
"T027843",
"398363"
]
},
"release_date": "2025-11-23T23:00:00.000+00:00",
"title": "CVE-2025-64720"
},
{
"cve": "CVE-2025-65018",
"product_status": {
"known_affected": [
"67646",
"T012167",
"T004914",
"T032255",
"74185",
"T049759",
"T049758",
"T048833",
"T049757",
"2951",
"T002207",
"T000126",
"T027843",
"398363"
]
},
"release_date": "2025-11-23T23:00:00.000+00:00",
"title": "CVE-2025-65018"
}
]
}
FKIE_CVE-2025-65018
Vulnerability from fkie_nvd - Published: 2025-11-25 00:15 - Updated: 2025-11-26 18:34

| | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d | Patch | |
| security-advisories@github.com | https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea | Patch | |
| security-advisories@github.com | https://github.com/pnggroup/libpng/issues/755 | Exploit, Issue Tracking | |
| security-advisories@github.com | https://github.com/pnggroup/libpng/pull/757 | Issue Tracking | |
| security-advisories@github.com | https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g | Exploit, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/pnggroup/libpng/issues/755 | Exploit, Issue Tracking | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3545FEA5-4FFA-4955-BFDA-CC3602C9A894",
"versionEndExcluding": "1.6.51",
"versionStartIncluding": "1.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51."
}
],
"id": "CVE-2025-65018",
"lastModified": "2025-11-26T18:34:53.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-11-25T00:15:47.610",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
SUSE-SU-2025:4494-1
Vulnerability from csaf_suse - Published: 2025-12-19 13:14 - Updated: 2025-12-19 13:14
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libpng16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libpng16 fixes the following issues:\n\n- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)\n- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)\n- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)\n- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)\n- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4494,SUSE-SLE-Module-Basesystem-15-SP6-2025-4494,SUSE-SLE-Module-Basesystem-15-SP7-2025-4494,openSUSE-SLE-15.6-2025-4494",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4494-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4494-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254494-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4494-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023633.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254157",
"url": "https://bugzilla.suse.com/1254157"
},
{
"category": "self",
"summary": "SUSE Bug 1254158",
"url": "https://bugzilla.suse.com/1254158"
},
{
"category": "self",
"summary": "SUSE Bug 1254159",
"url": "https://bugzilla.suse.com/1254159"
},
{
"category": "self",
"summary": "SUSE Bug 1254160",
"url": "https://bugzilla.suse.com/1254160"
},
{
"category": "self",
"summary": "SUSE Bug 1254480",
"url": "https://bugzilla.suse.com/1254480"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64505 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64720 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-65018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-65018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66293 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66293/"
}
],
"title": "Security update for libpng16",
"tracking": {
"current_release_date": "2025-12-19T13:14:13Z",
"generator": {
"date": "2025-12-19T13:14:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4494-1",
"initial_release_date": "2025-12-19T13:14:13Z",
"revision_history": [
{
"date": "2025-12-19T13:14:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.40-150600.3.3.1.aarch64",
"product": {
"name": "libpng16-16-1.6.40-150600.3.3.1.aarch64",
"product_id": "libpng16-16-1.6.40-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"product": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"product_id": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"product": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"product_id": "libpng16-devel-1.6.40-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"product": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"product_id": "libpng16-tools-1.6.40-150600.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-64bit-1.6.40-150600.3.3.1.aarch64_ilp32",
"product": {
"name": "libpng16-16-64bit-1.6.40-150600.3.3.1.aarch64_ilp32",
"product_id": "libpng16-16-64bit-1.6.40-150600.3.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-64bit-1.6.40-150600.3.3.1.aarch64_ilp32",
"product": {
"name": "libpng16-compat-devel-64bit-1.6.40-150600.3.3.1.aarch64_ilp32",
"product_id": "libpng16-compat-devel-64bit-1.6.40-150600.3.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libpng16-devel-64bit-1.6.40-150600.3.3.1.aarch64_ilp32",
"product": {
"name": "libpng16-devel-64bit-1.6.40-150600.3.3.1.aarch64_ilp32",
"product_id": "libpng16-devel-64bit-1.6.40-150600.3.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.40-150600.3.3.1.i586",
"product": {
"name": "libpng16-16-1.6.40-150600.3.3.1.i586",
"product_id": "libpng16-16-1.6.40-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.i586",
"product": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.i586",
"product_id": "libpng16-compat-devel-1.6.40-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.40-150600.3.3.1.i586",
"product": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.i586",
"product_id": "libpng16-devel-1.6.40-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.40-150600.3.3.1.i586",
"product": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.i586",
"product_id": "libpng16-tools-1.6.40-150600.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"product": {
"name": "libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"product_id": "libpng16-16-1.6.40-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"product_id": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"product": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"product_id": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"product": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"product_id": "libpng16-tools-1.6.40-150600.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.40-150600.3.3.1.s390x",
"product": {
"name": "libpng16-16-1.6.40-150600.3.3.1.s390x",
"product_id": "libpng16-16-1.6.40-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"product": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"product_id": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.40-150600.3.3.1.s390x",
"product": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.s390x",
"product_id": "libpng16-devel-1.6.40-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.40-150600.3.3.1.s390x",
"product": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.s390x",
"product_id": "libpng16-tools-1.6.40-150600.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-16-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-16-1.6.40-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-devel-1.6.40-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.40-150600.3.3.1.x86_64",
"product": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.x86_64",
"product_id": "libpng16-tools-1.6.40-150600.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-16-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64"
},
"product_reference": "libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le"
},
"product_reference": "libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x"
},
"product_reference": "libpng16-tools-1.6.40-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.40-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
},
"product_reference": "libpng16-tools-1.6.40-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64505"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64505",
"url": "https://www.suse.com/security/cve/CVE-2025-64505"
},
{
"category": "external",
"summary": "SUSE Bug 1254157 for CVE-2025-64505",
"url": "https://bugzilla.suse.com/1254157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-19T13:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-64505"
},
{
"cve": "CVE-2025-64506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64506"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64506",
"url": "https://www.suse.com/security/cve/CVE-2025-64506"
},
{
"category": "external",
"summary": "SUSE Bug 1254158 for CVE-2025-64506",
"url": "https://bugzilla.suse.com/1254158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-19T13:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-64506"
},
{
"cve": "CVE-2025-64720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64720"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant (component \u2264 alpha \u00d7 257) required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64720",
"url": "https://www.suse.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "SUSE Bug 1254159 for CVE-2025-64720",
"url": "https://bugzilla.suse.com/1254159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-19T13:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-64720"
},
{
"cve": "CVE-2025-65018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-65018"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-65018",
"url": "https://www.suse.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "SUSE Bug 1254160 for CVE-2025-65018",
"url": "https://bugzilla.suse.com/1254160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-19T13:14:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66293"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management. Upgrade to libpng 1.6.52 or later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66293",
"url": "https://www.suse.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "SUSE Bug 1254480 for CVE-2025-66293",
"url": "https://bugzilla.suse.com/1254480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.s390x",
"openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-12-19T13:14:13Z",
"details": "important"
}
],
"title": "CVE-2025-66293"
}
]
}
OPENSUSE-SU-2025:15781-1
Vulnerability from csaf_opensuse - Published: 2025-11-28 00:00 - Updated: 2025-11-28 00:00
Notes
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libpng16-16-1.6.51-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libpng16-16-1.6.51-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15781",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15781-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64505 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64506 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64720 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-65018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-65018/"
}
],
"title": "libpng16-16-1.6.51-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-28T00:00:00Z",
"generator": {
"date": "2025-11-28T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15781-1",
"initial_release_date": "2025-11-28T00:00:00Z",
"revision_history": [
{
"date": "2025-11-28T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.51-1.1.aarch64",
"product": {
"name": "libpng16-16-1.6.51-1.1.aarch64",
"product_id": "libpng16-16-1.6.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.51-1.1.aarch64",
"product": {
"name": "libpng16-16-32bit-1.6.51-1.1.aarch64",
"product_id": "libpng16-16-32bit-1.6.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"product_id": "libpng16-16-x86-64-v3-1.6.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.51-1.1.aarch64",
"product": {
"name": "libpng16-compat-devel-1.6.51-1.1.aarch64",
"product_id": "libpng16-compat-devel-1.6.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"product_id": "libpng16-compat-devel-32bit-1.6.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.51-1.1.aarch64",
"product": {
"name": "libpng16-devel-1.6.51-1.1.aarch64",
"product_id": "libpng16-devel-1.6.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.51-1.1.aarch64",
"product": {
"name": "libpng16-devel-32bit-1.6.51-1.1.aarch64",
"product_id": "libpng16-devel-32bit-1.6.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"product_id": "libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.51-1.1.aarch64",
"product": {
"name": "libpng16-tools-1.6.51-1.1.aarch64",
"product_id": "libpng16-tools-1.6.51-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.51-1.1.ppc64le",
"product": {
"name": "libpng16-16-1.6.51-1.1.ppc64le",
"product_id": "libpng16-16-1.6.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.51-1.1.ppc64le",
"product": {
"name": "libpng16-16-32bit-1.6.51-1.1.ppc64le",
"product_id": "libpng16-16-32bit-1.6.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"product_id": "libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.51-1.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-1.6.51-1.1.ppc64le",
"product_id": "libpng16-compat-devel-1.6.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"product_id": "libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.51-1.1.ppc64le",
"product": {
"name": "libpng16-devel-1.6.51-1.1.ppc64le",
"product_id": "libpng16-devel-1.6.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"product": {
"name": "libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"product_id": "libpng16-devel-32bit-1.6.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"product_id": "libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.51-1.1.ppc64le",
"product": {
"name": "libpng16-tools-1.6.51-1.1.ppc64le",
"product_id": "libpng16-tools-1.6.51-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.51-1.1.s390x",
"product": {
"name": "libpng16-16-1.6.51-1.1.s390x",
"product_id": "libpng16-16-1.6.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.51-1.1.s390x",
"product": {
"name": "libpng16-16-32bit-1.6.51-1.1.s390x",
"product_id": "libpng16-16-32bit-1.6.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"product_id": "libpng16-16-x86-64-v3-1.6.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.51-1.1.s390x",
"product": {
"name": "libpng16-compat-devel-1.6.51-1.1.s390x",
"product_id": "libpng16-compat-devel-1.6.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"product_id": "libpng16-compat-devel-32bit-1.6.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.51-1.1.s390x",
"product": {
"name": "libpng16-devel-1.6.51-1.1.s390x",
"product_id": "libpng16-devel-1.6.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.51-1.1.s390x",
"product": {
"name": "libpng16-devel-32bit-1.6.51-1.1.s390x",
"product_id": "libpng16-devel-32bit-1.6.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"product_id": "libpng16-devel-x86-64-v3-1.6.51-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.51-1.1.s390x",
"product": {
"name": "libpng16-tools-1.6.51-1.1.s390x",
"product_id": "libpng16-tools-1.6.51-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.51-1.1.x86_64",
"product": {
"name": "libpng16-16-1.6.51-1.1.x86_64",
"product_id": "libpng16-16-1.6.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.51-1.1.x86_64",
"product": {
"name": "libpng16-16-32bit-1.6.51-1.1.x86_64",
"product_id": "libpng16-16-32bit-1.6.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"product_id": "libpng16-16-x86-64-v3-1.6.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.51-1.1.x86_64",
"product": {
"name": "libpng16-compat-devel-1.6.51-1.1.x86_64",
"product_id": "libpng16-compat-devel-1.6.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"product_id": "libpng16-compat-devel-32bit-1.6.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.51-1.1.x86_64",
"product": {
"name": "libpng16-devel-1.6.51-1.1.x86_64",
"product_id": "libpng16-devel-1.6.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.51-1.1.x86_64",
"product": {
"name": "libpng16-devel-32bit-1.6.51-1.1.x86_64",
"product_id": "libpng16-devel-32bit-1.6.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"product_id": "libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.51-1.1.x86_64",
"product": {
"name": "libpng16-tools-1.6.51-1.1.x86_64",
"product_id": "libpng16-tools-1.6.51-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.aarch64"
},
"product_reference": "libpng16-16-1.6.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.s390x"
},
"product_reference": "libpng16-16-1.6.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.x86_64"
},
"product_reference": "libpng16-16-1.6.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.aarch64"
},
"product_reference": "libpng16-16-32bit-1.6.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.ppc64le"
},
"product_reference": "libpng16-16-32bit-1.6.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.s390x"
},
"product_reference": "libpng16-16-32bit-1.6.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.aarch64"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.s390x"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.x86_64"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.aarch64"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.s390x"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.x86_64"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.s390x"
},
"product_reference": "libpng16-devel-1.6.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.aarch64"
},
"product_reference": "libpng16-devel-32bit-1.6.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.ppc64le"
},
"product_reference": "libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.s390x"
},
"product_reference": "libpng16-devel-32bit-1.6.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.x86_64"
},
"product_reference": "libpng16-devel-32bit-1.6.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.s390x"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.51-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.aarch64"
},
"product_reference": "libpng16-tools-1.6.51-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.51-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.ppc64le"
},
"product_reference": "libpng16-tools-1.6.51-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.51-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.s390x"
},
"product_reference": "libpng16-tools-1.6.51-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.51-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.x86_64"
},
"product_reference": "libpng16-tools-1.6.51-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64505"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64505",
"url": "https://www.suse.com/security/cve/CVE-2025-64505"
},
{
"category": "external",
"summary": "SUSE Bug 1254157 for CVE-2025-64505",
"url": "https://bugzilla.suse.com/1254157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-64505"
},
{
"cve": "CVE-2025-64506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64506"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng\u0027s png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64506",
"url": "https://www.suse.com/security/cve/CVE-2025-64506"
},
{
"category": "external",
"summary": "SUSE Bug 1254158 for CVE-2025-64506",
"url": "https://bugzilla.suse.com/1254158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-64506"
},
{
"cve": "CVE-2025-64720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64720"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64720",
"url": "https://www.suse.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "SUSE Bug 1254159 for CVE-2025-64720",
"url": "https://bugzilla.suse.com/1254159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-64720"
},
{
"cve": "CVE-2025-65018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-65018"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-65018",
"url": "https://www.suse.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "SUSE Bug 1254160 for CVE-2025-65018",
"url": "https://bugzilla.suse.com/1254160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.51-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.51-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-65018"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.