Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 448
Alerts This Week
Warning Icon 1 448

SUSE: libpng16 Important Buffer Overflow Threat Advisory 2026:20030-1

suse
Calendar Grey January 15, 2026
Dist Suse Esm H88
An essential security update for libpng16 addresses multiple important issues with various CVE entries for SUSE.
An update that solves five vulnerabilities can now be installed.

Summary

## This update for libpng16 fixes the following issues: * CVE-2025-64505: heap buffer over-read in `png_do_quantize` when processing PNG files malformed palette indices (bsc#1254157). * CVE-2025-64506: heap buffer over-read in `png_write_image_8bit` when processing 8-bit input with `convert_to_8bit` enabled (bsc#1254158). * CVE-2025-64720: out-of-bounds read in `png_image_read_composite` when processing palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled (bsc#1254159). * CVE-2025-65018: heap buffer overflow in `png_image_finish_read` when processing specially crafted 16-bit interlaced PNGs with 8-bit output format (bsc#1254160). * CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial transparency and gamma correction

References

* bsc#1254157

* bsc#1254158

* bsc#1254159

* bsc#1254160

* bsc#1254480

Cross-

* CVE-2025-64505

* CVE-2025-64506

* CVE-2025-64720

* CVE-2025-65018

* CVE-2025-66293

CVSS scores:

* CVE-2025-64505 ( SUSE ): 6.9

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-64505 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

* CVE-2025-64505 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

* CVE-2025-64506 ( SUSE ): 6.9

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-64506 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

* CVE-2025-64506 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

* CVE-2025-64720 ( SUSE ): 6.9

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20030-1
Release Date: 2026-01-12T11:14:46Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.