490 matches found
libpng: LIBPNG out-of-bounds read in png_image_read_composite
An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger...
libpng: LIBPNG out-of-bounds read in png_image_read_composite
An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger...
CVE-2024-2838
The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'woococomponents0name' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the...
Important: libpng security update
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes: libpng: LIBPNG buffer overflow CVE-2025-64720 libpng: LIBPNG heap buffer overflow CVE-2025-65018 libpng: LIBPNG out-of-bounds read in...
Important: libpng security update
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes: libpng: LIBPNG buffer overflow CVE-2025-64720 libpng: LIBPNG heap buffer overflow CVE-2025-65018 libpng: LIBPNG out-of-bounds read in...
Security update for libpng16
This update for libpng16 fixes the following issues: CVE-2025-64720: Fixed buffer overflow in pngimagereadcomposite via incorrect palette premultiplication bsc1254159 CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157 CVE-2025-64506: Fixed heap...
SUSE-SU-2025:4494-1 Security update for libpng16
This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in pngcombinerow triggered via pngimagefinishread bsc1254160 - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in pngimagereadcomposite bsc1254480 - CVE-2025-64506: Fixed heap buffer over-read in...
Security update for libpng16
This update for libpng16 fixes the following issues: CVE-2025-65018: Fixed heap buffer overflow in pngcombinerow triggered via pngimagefinishread bsc1254160 CVE-2025-66293: Fixed LIBPNG out-of-bounds read in pngimagereadcomposite bsc1254480 CVE-2025-64506: Fixed heap buffer over-read in...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server and WebSphere Application Server Liberty and are affected by cross-site scripting.
Summary The security issue described in CVE-2025-12635 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
SUSE-SU-2025:21217-1 Security update for libpng16
This update for libpng16 fixes the following issues: - CVE-2025-66293: Fixed out-of-bounds read in pngimagereadcomposite bsc1254480. - CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157. - CVE-2025-64506: Fixed heap buffer over-read in...
Fedora 43 : libpng (2025-7f360be18f)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-7f360be18f advisory. Fixed CVE-2025-66293 high severity: Out-of-bounds read in pngimagereadcomposite. Fixed the Paeth filter handling in the RISC-V RVV implementation. Improved t...
Important: libpng
Issue Overview: A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...
Important: firefox
Issue Overview: A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...
LIBPNG has an out-of-bounds read in png_image_read_composite
...
CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing...
LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication
...
CVE-2025-64720 LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALP...
CVE-2025-64720
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALP...
EUVD-2025-199092
Malicious code in composite-reducer npm...
MAL-2025-190951 Malicious code in composite-reducer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8eecfe869a6cc75f59e734412ec583d6bb95ddaab6b45c9c22526ba7b556e004 The package composite-reducer was found to contain malicious code. Source: ghsa-malware...