Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 0 articles for you...
100

SUSE libpng15 Moderate Buffer Overflow Security Update 2026-2619-1

An update that solves one vulnerability and contains one feature can now be installed.. # Security update for libpng15 Announcement ID: SUSE-SU-2026:2619-1 Release Date: 2026-06-24T09:03:55Z Rating: moderate References: * bsc#1254159 * jsc#PED-16191 Cross-References: * CVE-2025-64720 CVSS scores: * CVE-2025-64720 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-64720 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2025-64720 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for libpng15 fixes the following issues Security issues: * CVE-2025-64720: buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159). Non security issue: * version update to 1.5.30 (jsc#PED-16191). Changes for libpng15: * Replaced "unexpected" with an integer in pngset.c where a long was expected, to avoid a compiler warning when PNG_DEBUG > 1. * Fix typecast in a png_debug2() statement in png_set_text_2() to avoid a compiler warning in PNG_DEBUG builds. * Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c PNG_DEBUG builds. * Avoid a harmless potential integer overflow in png_XYZ_from_xy() (Bug report from Christopher Ferris). * Removed WRITE_WEIGHTED_FILTERED code, to save a few kbytes of the compiled library size. It never worked properly and as far as we can tell, no one uses it. The png_set_filter_heuristics() and png_set_filter_heuristics_fixed() APIs are retained but deprecated and do nothing. * Avoid potentially dereferencing NULL info_ptr in png_info_init_3(). Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT,PNG_COST_FACTOR, and PNG_WEIGHT_FACTOR macros. * Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c * Fixed uninitialized variable in contrib/gregbook/rpng2-x.c * Fixed some bad links in the man page. * Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert Seacord). * Fixed the recently reported 1's complement security issue by replacing the value that is illegal in the PNG spec, in both signed and unsigned values, with 0. Illegal unsigned values (anything greater than or equal to 0x80000000) can still pass through, but since these are not illegal in ANSI-C (unlike 0x80000000 in the signed case) the checking that occurs later can catch them (John Bowler). * Fixed png_save_int_32 when int is not 2's complement (John Bowler). * Fixed byte order in png_do_read_filler() with 16-bit input (previously fixed in libpng-1.6.17 and 1.7.0beta46). Previously the high and low bytes of the filler, from png_set_filler() or from png_set_add_alpha(), were read in the wrong order. * Merged pngvalid.c with version 1.6.19. * Added sPLT support to pngtest.c * Prevent writing over-length PLTE chunk (Cosmin Truta). * Libpng incorrectly calculated the output rowbytes when the application decreased either the number of channels or the bit depth (or both) in a user transform. This was safe; libpng overallocated buffer space (potentially by quite a lot; up to 4 times the amount required) but, from 1.5.4 on, resulted in a png_error (John Bowler). * Silently truncate over-length PLTE chunk while reading. * Fixed some inconsequential cut-and-paste typos in png_set_cHRM_XYZ_fixed(). * Clarified COPYRIGHT information to state explicitly that versions are derived from previous versions. Removed much of the long list of previous versions from png.h and libpng.3. * Fixed new bug with CRC error after reading an over-length palette (bug report by Cosmin Truta) (CVE-2015-8126). * Cleaned up coding style inpng_handle_PLTE(). * Avoid potential pointer overflow in png_handle_iTXt(), png_handle_zTXt(), png_handle_sPLT(), and png_handle_pCAL() (Bug report by John Regehr). * Fixed incorrect implementation of png_set_PLTE() that uses png_ptr not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 vulnerability. Fixes CVE-2015-8472. * Fixed an out-of-range read in png_check_keyword() (Bug report from * Qixue Xiao, CVE-2015-8540). * Corrected copyright dates in source files. * Moved png_check_keyword() from pngwutil.c to pngset.c * Added keyword checks to pngset.c (John Bowler). * Removed LE/BE dependencies in pngvalid, to 'fix' the current problem in the BigEndian tests by not testing it, making the BE code the same as the LE version. * Fixes to pngvalid for various reduced build configurations (eliminate unused statics) and a fix for the case in rgb_to_gray when the digitize option reduces graylo to 0, producing a large error. * Widened the 'limit' check on the internally calculated error limits in the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error checks) and changed the check to only operate in non-release builds (base build type not RC or RELEASE.) * Fixed undefined behavior in pngvalid.c, undefined because (png_byte)

Calendar%202 Jun 24, 2026 SuSE
219

Rocky Linux 9 libpng15 Moderate Code Execution Issue RLSA-2026-28244

Moderate: libpng15 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:28244", "synopsis": "Moderate: libpng15 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for libpng15.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.\n\nSecurity Fix(es):\n\n* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2451805", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805", "description": ""}], "cves": [{"name": "CVE-2026-33416", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-825"}], "references": [], "publishedAt": "2026-06-24T12:03:26.635873Z", "rpms": {"Rocky Linux 9": {"nvras": ["libpng15-0:1.5.30-15.el9_8.1.aarch64.rpm", "libpng15-0:1.5.30-15.el9_8.1.i686.rpm", "libpng15-0:1.5.30-15.el9_8.1.ppc64le.rpm", "libpng15-0:1.5.30-15.el9_8.1.s390x.rpm", "libpng15-0:1.5.30-15.el9_8.1.src.rpm", "libpng15-0:1.5.30-15.el9_8.1.x86_64.rpm", "libpng15-debuginfo-0:1.5.30-15.el9_8.1.aarch64.rpm", "libpng15-debuginfo-0:1.5.30-15.el9_8.1.i686.rpm", "libpng15-debuginfo-0:1.5.30-15.el9_8.1.ppc64le.rpm", "libpng15-debuginfo-0:1.5.30-15.el9_8.1.s390x.rpm","libpng15-debuginfo-0:1.5.30-15.el9_8.1.x86_64.rpm", "libpng15-debugsource-0:1.5.30-15.el9_8.1.aarch64.rpm", "libpng15-debugsource-0:1.5.30-15.el9_8.1.i686.rpm", "libpng15-debugsource-0:1.5.30-15.el9_8.1.ppc64le.rpm", "libpng15-debugsource-0:1.5.30-15.el9_8.1.s390x.rpm", "libpng15-debugsource-0:1.5.30-15.el9_8.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A moderate security update for libpng15 on Rocky Linux addresses arbitrary code execution risk due to a use-after-free issue. Update advised.. libpng15 update, Rocky Linux security, use-after-free issue, update libpng, security advisory. . LinuxSecurity.com Team

Calendar%202 Jun 24, 2026 Rocky Linux
217

Oracle Linux 8 ELSA-2026-26347 Libpng15 Moderate Use After Free

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-26347 http://linux.oracle.com/errata/ELSA-2026-26347.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libpng15-1.5.30-9.el8_10.i686.rpm libpng15-1.5.30-9.el8_10.x86_64.rpm aarch64: libpng15-1.5.30-9.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/libpng15-1.5.30-9.el8_10.src.rpm Related CVEs: CVE-2026-33416 Description of changes: [1.5.30-9] - fix CVE-2026-33416: use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE (RHEL-161346) _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 8 security advisory ELSA-2026-26347 addresses a moderate issue in libpng15 due to CVE-2026-33416.. Oracle Linux libpng15 security update. . LinuxSecurity.com Team

Calendar%202 Jun 18, 2026 Oracle
89

Fedora 44 libpng15 Critical Heap Buffer Overflow CVE-2026-25646

fix CVE-2026-25646: heap buffer overflow in png_set_quantize. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-bcba077d11 2026-04-25 01:21:36.171579+00:00 -------------------------------------------------------------------------------- Name : libpng15 Product : Fedora 44 Version : 1.5.30 Release : 25.fc44 URL : http://www.libpng.org/pub/png/ Summary : Old version of libpng, needed to run old binaries Description : The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. -------------------------------------------------------------------------------- Update Information: fix CVE-2026-25646: heap buffer overflow in png_set_quantize -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 1 2026 Michal Hlavinka - 1.5.30-25 - fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438683) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2438683 - CVE-2026-25646 libpng15: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438683 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-bcba077d11' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Heap buffer overflow vulnerability resolved in libpng15 for Fedora 44 as detailed in advisory 2026-bcba077d11 ensuring system security and stability. libpng15 security, Fedora 44 update, heap buffer overflow. . LinuxSecurity.com Team

Calendar%202 Apr 25, 2026 Fedora
100

SUSE libpng15 Important Update Fixing Use-After-Free Issues 2026-1500-1

An update that solves two vulnerabilities can now be installed.. # Security update for libpng15 Announcement ID: SUSE-SU-2026:1500-1 Release Date: 2026-04-20T16:16:44Z Rating: important References: * bsc#1260754 * bsc#1261957 Cross-References: * CVE-2026-33416 * CVE-2026-34757 CVSS scores: * CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for libpng15 fixes the following issues: * CVE-2026-34757: use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` can lead to information disclosure and data corruption (bsc#1261957). * CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1500=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patchSUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1500=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libpng15-debugsource-1.5.22-10.10.1 * libpng15-15-debuginfo-1.5.22-10.10.1 * libpng15-15-1.5.22-10.10.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libpng15-debugsource-1.5.22-10.10.1 * libpng15-15-debuginfo-1.5.22-10.10.1 * libpng15-15-1.5.22-10.10.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33416.html * https://www.suse.com/security/cve/CVE-2026-34757.html * https://bugzilla.suse.com/show_bug.cgi?id=1260754 * https://bugzilla.suse.com/show_bug.cgi?id=1261957 . Update for SUSE libpng15 addresses two crucial issues: use-after-free flaws leading to data corruption and execution risks.. SUSE libpng15 security update, important vulnerabilities libpng15, SUSE patch details, arbitrary code execution risk. . LinuxSecurity.com Team

Calendar%202 Apr 21, 2026 SuSE
89

Fedora 42 libpng15 Critical Heap Buffer Overflow Fix CVE-2026-25646

fix CVE-2026-25646: heap buffer overflow in png_set_quantize. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-4e514c1c36 2026-04-10 01:10:26.730887+00:00 -------------------------------------------------------------------------------- Name : libpng15 Product : Fedora 42 Version : 1.5.30 Release : 25.fc42 URL : http://www.libpng.org/pub/png/ Summary : Old version of libpng, needed to run old binaries Description : The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. -------------------------------------------------------------------------------- Update Information: fix CVE-2026-25646: heap buffer overflow in png_set_quantize -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 1 2026 Michal Hlavinka - 1.5.30-25 - fix CVE-2026-25646: heap buffer overflow in png_set_quantize (rhbz#2438683) * Fri Jan 16 2026 Fedora Release Engineering - 1.5.30-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Thu Jul 24 2025 Fedora Release Engineering - 1.5.30-23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2438671 - CVE-2026-25646 libpng15: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438671 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-4e514c1c36' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical update for Fedora 42 regarding libpng15 to fix heap buffer overflow and improve system security.. Fedora 42, libpng15, buffer overflow, security advisory. . LinuxSecurity.com Team

Calendar%202 Apr 10, 2026 Fedora
219

Ubuntu 20.04 RLSB-2022-7845 Key Points on Moderate Buffer Underflow Threat

Important: libpng15 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:6439", "synopsis": "Important: libpng15 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for libpng15.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2438542", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "description": ""}], "cves": [{"name": "CVE-2026-25646", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-25646", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "cvss3BaseScore": "7.0", "cwe": "CWE-125"}], "references": [], "publishedAt": "2026-04-09T06:02:21.819616Z", "rpms": {"Rocky Linux 8": {"nvras": ["libpng15-0:1.5.30-8.el8_10.aarch64.rpm", "libpng15-0:1.5.30-8.el8_10.i686.rpm", "libpng15-0:1.5.30-8.el8_10.src.rpm", "libpng15-0:1.5.30-8.el8_10.x86_64.rpm", "libpng15-debuginfo-0:1.5.30-8.el8_10.aarch64.rpm", "libpng15-debuginfo-0:1.5.30-8.el8_10.i686.rpm", "libpng15-debuginfo-0:1.5.30-8.el8_10.x86_64.rpm", "libpng15-debugsource-0:1.5.30-8.el8_10.aarch64.rpm", "libpng15-debugsource-0:1.5.30-8.el8_10.i686.rpm", "libpng15-debugsource-0:1.5.30-8.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}.libpng15 security update available for Rocky Linux 8, addressing important buffer overflow issues requiring attention.. libpng15 security update, Rocky Linux 8 vulnerabilities, buffer overflow fix. . LinuxSecurity.com Team

Calendar%202 Apr 09, 2026 Rocky Linux
100

SUSE libpng16 Severe Vulnerability Alert SUSE-SU-2026-0910-5

An update that solves one vulnerability can now be installed.. # Security update for libpng15 Announcement ID: SUSE-SU-2026:0898-1 Release Date: 2026-03-13T15:26:30Z Rating: moderate References: * bsc#1254157 Cross-References: * CVE-2025-64505 CVSS scores: * CVE-2025-64505 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-64505 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2025-64505 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libpng15 fixes the following issues: * CVE-2025-64505: heap buffer over-read in 'png_do_quantize' via malformed palette index (bsc#1254157). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-898=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libpng15-15-debuginfo-1.5.22-10.7.1 * libpng15-15-1.5.22-10.7.1 * libpng15-debugsource-1.5.22-10.7.1 ## References: * https://www.suse.com/security/cve/CVE-2025-64505.html * https://bugzilla.suse.com/show_bug.cgi?id=1254157 . An update for SUSE Linux addresses a moderate vulnerability in libpng15, fixing heap buffer over-read.. SUSE Linux, security update, libpng15, heap buffer over-read, CVE-2025-64505. . LinuxSecurity.com Team

Calendar%202 Mar 13, 2026 SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200