SUSE libpng16 Important Heap Buffer Overflow Memory Leak Vuln 20530-1

suse
March 4, 2026
An important update for libpng16 addresses five vulnerabilities affecting SUSE. Ensure timely installation.
An update that solves five vulnerabilities can now be installed.

Summary

This update for libpng16 fixes the following issues:

* CVE-2026-25646: Fixed a heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).
* CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
* CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
* CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525).
* CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1

  `zypper in -t patch SUSE-SLE-Micro-6.1-411=1`

## Package List:

References

* bsc#1256525

* bsc#1256526

* bsc#1257364

* bsc#1257365

* bsc#1258020

Cross-

* CVE-2025-28162

* CVE-2025-28164

* CVE-2026-22695

* CVE-2026-22801

* CVE-2026-25646

CVSS scores:

* CVE-2025-28162 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-28162 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2025-28162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-28164 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-28164 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2025-28164 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-22695 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Severity
important

Announcement ID: SUSE-SU-2026:20530-1
Release Date: 2026-02-26T11:25:49Z
Rating: important
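
After applying the patch from the Patch Instructions above, one way to confirm that the installed package carries all five fixes is to look for the CVE identifiers in its RPM changelog. The script below is an added example, not part of the SUSE advisory; the package name `libpng16-16`, the function name `missing_cves` and the sample changelog text are assumptions constructed for illustration (the advisory's package list is not reproduced on this page).

```shell
#!/bin/sh
# Added example (not from the advisory): check changelog text for the five
# CVE identifiers fixed by SUSE-SU-2026:20530-1.
ADVISORY_CVES="CVE-2026-25646 CVE-2025-28162 CVE-2025-28164 CVE-2026-22695 CVE-2026-22801"

# Reads changelog text on stdin and prints every advisory CVE that is NOT
# mentioned in it. Returns 0 when all five are present, 1 otherwise.
missing_cves() {
    changelog=$(cat)
    missing=""
    for cve in $ADVISORY_CVES; do
        # -F: fixed string, -w: whole word, so a longer identifier that merely
        # starts with the same digits does not count as a match.
        if ! printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            missing="$missing $cve"
        fi
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' $missing
    return 1
}

# Constructed sample changelog text (not real package output).
SAMPLE_PATCHED='* Thu Feb 19 2026 packager@example.com
- security update: CVE-2026-25646 (bsc#1258020), CVE-2025-28162 (bsc#1257364),
  CVE-2025-28164 (bsc#1257365)
* Mon Jan 26 2026 packager@example.com
- security update: CVE-2026-22695 (bsc#1256525), CVE-2026-22801 (bsc#1256526)'

# Constructed sample of a host that has not yet received the update.
SAMPLE_STALE='* Mon Jan 26 2026 packager@example.com
- security update: CVE-2026-22695 (bsc#1256525), CVE-2026-22801 (bsc#1256526)'

# On a live host (package name is an assumption, adjust to your system):
#   rpm -q --changelog libpng16-16 | missing_cves && echo "all five fixes present"
```

A non-empty result lists the CVEs still unaccounted for on that host, which is also a convenient per-host signal to feed into fleet patch-compliance reporting.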