Alerts This Week
Warning Icon 1 717
Alerts This Week
Warning Icon 1 717

SUSE 15 SP7 libpng Major Memory Leak Issue SUSE-SU-2026-1718-1

suse
Calendar Grey May 6, 2026
Dist Suse Esm H88
Install SUSE's important libpng12 update that resolves three vulnerabilities and enhances system security.
An update that solves three vulnerabilities and contains one feature can now be installed.

Summary

## This update for libpng12 fixes the following issues: Update to version 1.2.59 (jsc#PED-16191). Security issues : * CVE-2017-12652: missing chunk length check can lead to sensitive information disclosure, data corruption or crash (bsc#1141493). * CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). * CVE-2026-34757: use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` can lead to corrupted chunk data and potential heap information disclosure (bsc#1261957). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7

Topics%20covered

Topics Covered

security advisory SuSE arbitrary code execution important use-after-free libpng12

References

* bsc#1141493

* bsc#1260754

* bsc#1261957

* jsc#PED-16191

Cross-

* CVE-2017-12652

* CVE-2026-33416

* CVE-2026-34757

CVSS scores:

* CVE-2017-12652 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2017-12652 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2017-12652 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2017-12652 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2017-12652 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-33416 ( SUSE ): 9.2

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:1716-1
Release Date: 2026-05-06T12:11:56Z
Rating: important

Topics%20covered

Topics Covered

security advisory SuSE arbitrary code execution important use-after-free libpng12

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here