OSV-2026-30 Use-of-uninitialized-value in vp9_quantize_fp_avx2

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=474614578 Crash type: Use-of-uninitialized-value Crash state: vp9quantizefpavx2 blockyrd vp9pickintermode...

PT-2026-7243

Name of the Vulnerable Software and Affected Versions libpng versions prior to 1.6.55 Description LIBPNG is a library used by applications to read, create, and manipulate PNG raster image files. A flaw exists in the png set quantize function that can lead to a denial-of-service condition or...

Security update for libpng16

This update for libpng16 fixes the following issues: CVE-2025-64720: Fixed buffer overflow in pngimagereadcomposite via incorrect palette premultiplication bsc1254159 CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157 CVE-2025-64506: Fixed heap...

SUSE-SU-2025:4533-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2025-64720: Fixed buffer overflow in pngimagereadcomposite via incorrect palette premultiplication bsc1254159 - CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157 - CVE-2025-64506: Fixed he...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libpng (UTSA-2025-991300)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991300 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to version 1.6.51, a...

CLSA-2025-1766165929 libpng: Fix of CVE-2025-64505

CVE-2025-64505: fix heap buffer over-read vulnerability in pngdoquantize function by validating palettelookup array bounds...

SUSE-SU-2025:4494-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in pngcombinerow triggered via pngimagefinishread bsc1254160 - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in pngimagereadcomposite bsc1254480 - CVE-2025-64506: Fixed heap buffer over-read in...

SUSE: Security Advisory (SUSE-SU-2025:4432-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Advisory (SUSE-SU-2025:4432-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libpng (UTSA-2025-991288)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991288 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to version 1.6.51, a...

SUSE-SU-2025:4436-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in pngcombinerow triggered via pngimagefinishread bsc1254160 - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in pngimagereadcomposite bsc1254480 - CVE-2025-64506: Fixed heap buffer over-read in...

SUSE SLES12 Security Update : libpng12 (SUSE-SU-2025:4383-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:4383-1 advisory. - CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157 Tenable has extracted the preceding description...

Security update for libpng12

This update for libpng12 fixes the following issues: CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2025:4383-1 Security update for libpng12

This update for libpng12 fixes the following issues: - CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157...

CLSA-2025-1765380269 libpng: Fix of CVE-2025-64505

CVE-2025-64505: fix heap buffer over-read vulnerability in pngdoquantize function...

CLSA-2025-1765288864 libpng: Fix of CVE-2025-64505

CVE-2025-64505: fix heap buffer over-read vulnerability in pngdoquantize function...

Amazon Linux 2023 : libpng, libpng-devel, libpng-static (ALAS2023-2025-1306)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1306 advisory. A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array boun...

Important: firefox

Issue Overview: A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...

Important: libpng

Issue Overview: A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...

JLSEC-2025-328 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portabl...

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette...