Overview

File _patchinfo of Package patchinfo.42241

<patchinfo incident="42241">
  <issue tracker="cve" id="2026-22695"/>
  <issue tracker="cve" id="2026-22801"/>
  <issue tracker="cve" id="2025-28162"/>
  <issue tracker="cve" id="2025-28164"/>
  <issue tracker="cve" id="2026-25646"/>
  <issue tracker="bnc" id="1257365">VUL-0: CVE-2025-28164: libpng16: memory leaks when running `pngimage`</issue>
  <issue tracker="bnc" id="1257364">VUL-0: CVE-2025-28162: libpng16: memory leaks when running `pngimage`</issue>
  <issue tracker="bnc" id="1256525">VUL-0: CVE-2026-22695: libpng16: Heap buffer over-read in png_image_finish_read</issue>
  <issue tracker="bnc" id="1256526">VUL-0: CVE-2026-22801: libpng16: Integer truncation causing heap buffer over-read in png_image_write_*</issue>
  <issue tracker="bnc" id="1258020">VUL-0: CVE-2026-25646: libpng12,libpng15,libpng16: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize</issue>
  <packager>pgajdos</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libpng16</summary>
  <description>This update for libpng16 fixes the following issues:

- CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
- CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
- CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
- CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places