Lucene search
K

490 matches found

RedHat Linux
RedHat Linux
added 2026/01/07 1:3 p.m.6 views

libpng: LIBPNG out-of-bounds read in png_image_read_composite

An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger...

7.1CVSS5.7AI score0.00299EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2026/01/07 1:2 p.m.2 views

libpng: LIBPNG out-of-bounds read in png_image_read_composite

An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger...

7.1CVSS5.7AI score0.00299EPSS
Exploits2References8
RedhatCVE
RedhatCVE
added 2026/01/07 9:15 a.m.8 views

CVE-2024-2838

The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'woococomponents0name' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the...

6.4CVSS5.8AI score0.00344EPSS
Exploits0References1
AlmaLinux
AlmaLinux
added 2026/01/07 12:0 a.m.10 views

Important: libpng security update

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes: libpng: LIBPNG buffer overflow CVE-2025-64720 libpng: LIBPNG heap buffer overflow CVE-2025-65018 libpng: LIBPNG out-of-bounds read in...

7.1CVSS5.9AI score0.00352EPSS
Exploits6References8
AlmaLinux
AlmaLinux
added 2026/01/07 12:0 a.m.11 views

Important: libpng security update

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes: libpng: LIBPNG buffer overflow CVE-2025-64720 libpng: LIBPNG heap buffer overflow CVE-2025-65018 libpng: LIBPNG out-of-bounds read in...

7.1CVSS7.4AI score0.00352EPSS
Exploits6References8
SUSE Linux
SUSE Linux
added 2025/12/29 4:11 p.m.5 views

Security update for libpng16

This update for libpng16 fixes the following issues: CVE-2025-64720: Fixed buffer overflow in pngimagereadcomposite via incorrect palette premultiplication bsc1254159 CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157 CVE-2025-64506: Fixed heap...

6.9CVSS7.4AI score0.00352EPSS
Exploits5References16
OSV
OSV
added 2025/12/19 1:14 p.m.5 views

SUSE-SU-2025:4494-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in pngcombinerow triggered via pngimagefinishread bsc1254160 - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in pngimagereadcomposite bsc1254480 - CVE-2025-64506: Fixed heap buffer over-read in...

7.1CVSS6AI score0.00352EPSS
Exploits6References11
SUSE Linux
SUSE Linux
added 2025/12/17 1:56 p.m.9 views

Security update for libpng16

This update for libpng16 fixes the following issues: CVE-2025-65018: Fixed heap buffer overflow in pngcombinerow triggered via pngimagefinishread bsc1254160 CVE-2025-66293: Fixed LIBPNG out-of-bounds read in pngimagereadcomposite bsc1254480 CVE-2025-64506: Fixed heap buffer over-read in...

7.1CVSS7.3AI score0.00352EPSS
Exploits6References20
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/16 10:47 a.m.5 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server and WebSphere Application Server Liberty and are affected by cross-site scripting.

Summary The security issue described in CVE-2025-12635 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

5.4CVSS6.5AI score0.00141EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/12/16 8:31 a.m.3 views

SUSE-SU-2025:21217-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2025-66293: Fixed out-of-bounds read in pngimagereadcomposite bsc1254480. - CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157. - CVE-2025-64506: Fixed heap buffer over-read in...

7.1CVSS6AI score0.00352EPSS
Exploits6References11
Tenable Nessus
Tenable Nessus
added 2025/12/14 12:0 a.m.6 views

Fedora 43 : libpng (2025-7f360be18f)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-7f360be18f advisory. Fixed CVE-2025-66293 high severity: Out-of-bounds read in pngimagereadcomposite. Fixed the Paeth filter handling in the RISC-V RVV implementation. Improved t...

7.1CVSS6.2AI score0.00299EPSS
Exploits2References2
Amazon
Amazon
added 2025/12/08 12:0 a.m.11 views

Important: libpng

Issue Overview: A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...

7.1CVSS7.3AI score0.00352EPSS
Exploits5
Amazon
Amazon
added 2025/12/08 12:0 a.m.9 views

Important: firefox

Issue Overview: A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...

7.1CVSS7.3AI score0.00352EPSS
Exploits5
Microsoft CVE
Microsoft CVE
added 2025/12/05 9:2 a.m.9 views

LIBPNG has an out-of-bounds read in png_image_read_composite

...

7.1CVSS7AI score0.00299EPSS
Exploits2
Cvelist
Cvelist
added 2025/12/03 8:33 p.m.22 views

CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing...

7.1CVSS0.00299EPSS
Exploits2References4
Microsoft CVE
Microsoft CVE
added 2025/11/27 9:4 a.m.7 views

LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication

...

7.1CVSS7AI score0.00352EPSS
Exploits4
Cvelist
Cvelist
added 2025/11/24 11:45 p.m.19 views

CVE-2025-64720 LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALP...

7.1CVSS0.00352EPSS
Exploits4References4
AlpineLinux
AlpineLinux
added 2025/11/24 11:45 p.m.11 views

CVE-2025-64720

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALP...

7.1CVSS7AI score0.00352EPSS
Exploits4References4
EUVD
EUVD
added 2025/11/24 9:41 p.m.2 views

EUVD-2025-199092

Malicious code in composite-reducer npm...

6.6AI score
Exploits0References1
OSV
OSV
added 2025/11/24 9:41 p.m.4 views

MAL-2025-190951 Malicious code in composite-reducer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8eecfe869a6cc75f59e734412ec583d6bb95ddaab6b45c9c22526ba7b556e004 The package composite-reducer was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References10
Rows per page
Query Builder