618 matches found
TencentOS Server 3: java-1.8.0-openjdk (TSSA-2026:0365)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0365 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Astra Linux - vulnerability in imagemagick
ImageMagick 7.1.0-49 is vulnerable to Denial of Service attacks. When it parses a PNG image, for example for resizing, the conversion process may cause it to wait for stdin input...
Astra Linux - vulnerability in exiv2
In Exiv2 0.27.99.0, the PngImage::readMetadata function in the pngimage.cpp file allows attackers to cause a denial of service heap-based buffer over-read through a crafted image file...
libpng: LIBPNG out-of-bounds read in png_image_read_composite
An out-of-bounds read vulnerability has been discovered in libpng. This vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger...
ROS-20260401-73-0010
A vulnerability in the png_image_read_direct_scaled function of the libpng library is related to reading data outside of buffer boundaries in memory. Exploitation of the vulnerability may allow an attacker to gain unauthorized access to protected information or cause denial of service...
ROS-20260401-73-0012
A vulnerability in the png_image_finish_read function of the png_image_finish_read library for handling bitmap graphics in the PNG libpng format is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by loading a...
ROS-20260401-73-0007
A vulnerability in the png_image_read_composite function of the libpng library is related to reading data outside of buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality and availability of protected information using a specially...
ROS-20260401-73-0014
A vulnerability in the png_image_finish_read function of the png_image_finish_read library for handling bitmap graphics in the PNG libpng format is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by loading a...
libpng security update
An update is available for libpng. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libpng packages contain a library of functions for creating and...
libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read
A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the png_image_finish_read function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with ...
SUSE-SU-2026:0596-1 Security update for libpng16
This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running pngimage bsc1257364. - CVE-2025-28164: memory leaks when running pngimage bsc1257365. - CVE-2026-22695: heap buffer over-read in png_image_finish_read bsc1256525. - CVE-2026-22801: integer truncation...
CLSA-2026-1771408532 java-21-openjdk: Fix of 3 CVEs
Update to jdk-21.0.10+7 - CVE-2026-21945: fix possible DOS - CVE-2025-65018: fix libpng heap buffer overflow in png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format - CVE-2025-64720: fix libpng out-of-bounds read in png_image_read_composite when processing palette...
Fedora 43 : libpng (2026-a9ae661fa2)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a9ae661fa2 advisory. Version 1.6.54 January 12, 2026 Fixed CVE-2026-22695 medium severity: Heap buffer over-read in png_image_read_direct_scaled. Fixed CVE-2026-22801 medium...
CLSA-2026-1771002358 libpng: Fix of CVE-2026-22801
CVE-2026-22801: fix heap buffer over-read in pngimagewrite...
Security update for libpng16
This update for libpng16 fixes the following issues: CVE-2025-28162: memory leaks when running pngimage bsc1257364. CVE-2025-28164: memory leaks when running pngimage bsc1257365. CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read bsc1256525. Patch Instructions: To install this SUSE...
Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2026-1213)
The remote host is missing an update for the Huawei EulerOS...
Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and java-latest-openjdk packages fix security vulnerabilities
LIBPNG is vulnerable to a buffer overflow in png_image_read_composite via incorrect palette premultiplication. CVE-2025-64720 LIBPNG is vulnerable to a heap buffer overflow in png_combine_row triggered via png_image_finish_read. CVE-2025-65018 Improve JMX connections. CVE-2026-21925 Improve HttpServer...
CVE-2025-28162
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer ASan, the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive...
Quick-Media Batik Codec FIX package has Code Injection vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects all...
GHSA-8623-9FWR-4CXV Quick-Media Batik Codec FIX package has Code Injection vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects all...