503 matches found
SUSE-SU-2025:4494-1 Security update for libpng16
This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in pngcombinerow triggered via pngimagefinishread bsc1254160 - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in pngimagereadcomposite bsc1254480 - CVE-2025-64506: Fixed heap buffer over-read in...
Security update for libpng16
This update for libpng16 fixes the following issues: CVE-2025-65018: Fixed heap buffer overflow in pngcombinerow triggered via pngimagefinishread bsc1254160 CVE-2025-66293: Fixed LIBPNG out-of-bounds read in pngimagereadcomposite bsc1254480 CVE-2025-64506: Fixed heap buffer over-read in...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server and WebSphere Application Server Liberty and are affected by cross-site scripting.
Summary The security issue described in CVE-2025-12635 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
SUSE-SU-2025:21217-1 Security update for libpng16
This update for libpng16 fixes the following issues: - CVE-2025-66293: Fixed out-of-bounds read in pngimagereadcomposite bsc1254480. - CVE-2025-64505: Fixed heap buffer over-read in pngdoquantize via malformed palette index bsc1254157. - CVE-2025-64506: Fixed heap buffer over-read in...
Fedora 43 : libpng (2025-7f360be18f)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-7f360be18f advisory. Fixed CVE-2025-66293 high severity: Out-of-bounds read in pngimagereadcomposite. Fixed the Paeth filter handling in the RISC-V RVV implementation. Improved t...
Important: libpng
Issue Overview: A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...
Important: firefox
Issue Overview: A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...
LIBPNG has an out-of-bounds read in png_image_read_composite
...
CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing...
LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication
...
CVE-2025-64720 LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALP...
CVE-2025-64720
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALP...
EUVD-2025-199092
Malicious code in composite-reducer npm...
Malicious code in composite-reducer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8eecfe869a6cc75f59e734412ec583d6bb95ddaab6b45c9c22526ba7b556e004 The package composite-reducer was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190951 Malicious code in composite-reducer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8eecfe869a6cc75f59e734412ec583d6bb95ddaab6b45c9c22526ba7b556e004 The package composite-reducer was found to contain malicious code. Source: ghsa-malware...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server and WebSphere Application Server Liberty and are affcted by affected by SMTP injection due to Jakarta Mail.
Summary The security issue described in CVE-2025-7962 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
A Comparative Study of Hybrid Post-Quantum Cryptographic X.509 Certificate Schemes
As quantum computing hardware continues to advance, the integration of such technology with quantum algorithms is anticipated to enable the decryption of ciphertexts produced by RSA and Elliptic Curve Cryptography ECC within polynomial time. In response to this emerging threat, the U.S. National...
EUVD-2012-1589
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414445)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414445 advisory. An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS...
EUVD-2021-32651
Malicious code in bioql PyPI...