File _patchinfo of Package patchinfo.41903

<patchinfo incident="41903">
  <issue tracker="cve" id="2025-64720"/>
  <issue tracker="cve" id="2025-66293"/>
  <issue tracker="cve" id="2025-65018"/>
  <issue tracker="cve" id="2025-64505"/>
  <issue tracker="cve" id="2025-64506"/>
  <issue tracker="bnc" id="1254158">VUL-0: CVE-2025-64506: libpng12,libpng12-0,libpng15,libpng16: heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled</issue>
  <issue tracker="bnc" id="1254160">VUL-0: CVE-2025-65018: libpng12,libpng12-0,libpng15,libpng16: heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`</issue>
  <issue tracker="bnc" id="1254159">VUL-0: CVE-2025-64720: libpng12,libpng12-0,libpng15,libpng16: buffer overflow in `png_image_read_composite` via incorrect palette premultiplication</issue>
  <issue tracker="bnc" id="1254157">VUL-0: CVE-2025-64505: libpng12,libpng12-0,libpng15,libpng16: heap buffer over-read in `png_do_quantize` via malformed palette index</issue>
  <issue tracker="bnc" id="1254480">VUL-0: CVE-2025-66293: libpng: LIBPNG out-of-bounds read in png_image_read_composite</issue>
  <packager>pgajdos</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libpng16</summary>
  <description>This update for libpng16 fixes the following issues:

- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)
</description>
</patchinfo>