Updated libpng packages fix security vulnerability

🗓️ 08 Dec 2025 18:36:27Reported by Gentoo FoundationType

mageia

mageia🔗 advisories.mageia.org👁 6 Views

Updated libpng packages fix an out-of-bounds read in png_image_read_composite (CVE-2025-66293).

Reporter	Title	Published	Views	Family All 291
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in DataStage on Cloud Pak for Data	25 Feb 202616:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	28 Jan 202615:42	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow (traditional and containers) March 2026	27 Mar 202608:58	–	ibm
IBM Security Bulletins	Security Bulletin:Vulnerabilities in LIBPNG affects IBM Netezza Appliance	15 Apr 202611:16	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libpng affects IBM Netezza Appliance	22 Apr 202612:14	–	ibm
GithubExploit	Exploit for Out-of-bounds Read in Libpng	22 Jan 202611:35	–	githubexploit
Tenable Nessus	Amazon Linux 2023 : libpng, libpng-devel, libpng-static (ALAS2023-2025-1332)	8 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : firefox (ALAS2023-2025-1337)	8 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-3108 (ALAS-2025-3108)	5 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-049 (ALASFIREFOX-2025-049)	5 Jan 202600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Mageia	9	any	libpng	1.6.38-1.2	libpng-1.6.38-1.2.noarch.rpm

Source	Link
bugs	www.bugs.mageia.org/show_bug.cgi
openwall	www.openwall.com/lists/oss-security/2025/12/03/5

08 Dec 2025 18:36Current

7High risk

Vulners AI Score7

CVSS 3.17.1

EPSS0.00294

SSVC

libpng out-of-bounds read png image read CVE-2025-66293 Unix