OSV-2026-868 Use-of-uninitialized-value in vp8_regular_quantize_b_sse4_1

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=520318421 Crash type: Use-of-uninitialized-value Crash state: vp8regularquantizebsse41 macroblockyrd vp8rdpickintramode...

EulerOS Virtualization 2.12.0 : libpng (EulerOS-SA-2026-2104)

According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via pngcreatereadstruct...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017766)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017766 advisory. In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c. Tenable has extracted the...

Astra Linux - уязвимость в libpng1.6

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of...

TencentOS Server 3: libpng12 (TSSA-2026:0255)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0255 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 2: libpng12 (TSSA-2026:0259)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0259 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CLSA-2026-1777311274 Fix CVE(s): CVE-2026-22801, CVE-2026-25646

SECURITY UPDATE: Heap buffer over-read in pngwriteimage due to truncation of ptrdifft row stride to pnguint16 - debian/patches/CVE-2026-22801.patch: remove incorrect truncation casts from pngwriteimage16bit, pngwriteimage8bit, and pngimagewritemain so large 65535 and negative row strides are...

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...

libpng12 security update

1.2.50-10.0.1 - Fix CVE-2026-25646: heap buffer overflow in pngsetquantize Orabug: 39183864...

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...

Alibaba Cloud Linux 3 : 0074: libpng15 (ALINUX3-SA-2026:0074)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0074 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-25646: LIBPNG is a reference library for u...

Fedora 43 : libpng15 (2026-60fce94678)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-60fce94678 advisory. fix CVE-2026-25646: heap buffer overflow in pngsetquantize Tenable has extracted the preceding description block directly from the Fedora security advisory...

MGASA-2026-0096 Updated libpng12 packages fix security vulnerability

LIBPNG has a heap buffer overflow in pngsetquantize. CVE-2026-25646...

RLSA-2026:6439 Important: libpng15 security update

The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG Portable Network Graphics image format files. This version should be used only if you are unable to use the current version of libpng. Security Fixes: libpng: LIBPNG has a heap buffer overflow i...

RLSA-2026:6445 Important: libpng12 security update

The libpng12 package provides libpng 1.2, which is the previous version of the libpng library for manipulating PNG Portable Network Graphics image format files. This version should be used in case that it is not possible to use the current version of libpng. Security Fixes: libpng: LIBPNG has a...

libpng12 security update

An update is available for libpng12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libpng12 package provides libpng 1.2, which is the previous version of t...

libpng15 security update

An update is available for libpng15. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libpng15 package provides libpng 1.5, an older version of the libpng...

RockyLinux 8 : libpng15 (RLSA-2026:6439)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6439 advisory. libpng: LIBPNG has a heap buffer overflow in pngsetquantize CVE-2026-25646 Tenable has extracted the preceding description block directly from the RockyLinux...

RockyLinux 8 : libpng12 (RLSA-2026:6445)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6445 advisory. libpng: LIBPNG has a heap buffer overflow in pngsetquantize CVE-2026-25646 Tenable has extracted the preceding description block directly from the RockyLinux...