Security update for libpng16 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4494-1 Final 1 1 2025-12-19T13:14:13Z current 2025-12-19T13:14:13Z 2025-12-19T13:14:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libpng16 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/openjdk-devel:17-2025-4494,Container bci/openjdk-devel:21-2025-4494,Container bci/openjdk-devel:latest-2025-4494,Container bci/openjdk:17-2025-4494,Container bci/openjdk:21-2025-4494,Container bci/openjdk:latest-2025-4494,Container private-registry/harbor-portal:latest-2025-4494,Container suse/kiosk/firefox-esr:latest-2025-4494,Container suse/kiosk/pulseaudio:latest-2025-4494,Container suse/kiosk/xorg-client:latest-2025-4494,Container suse/kiosk/xorg:latest-2025-4494,Container suse/nginx:latest-2025-4494,SUSE-2025-4494,SUSE-SLE-Module-Basesystem-15-SP6-2025-4494,SUSE-SLE-Module-Basesystem-15-SP7-2025-4494,openSUSE-SLE-15.6-2025-4494 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254494-1/ Link for SUSE-SU-2025:4494-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023633.html E-Mail link for SUSE-SU-2025:4494-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1254157 SUSE Bug 1254157 https://bugzilla.suse.com/1254158 SUSE Bug 1254158 https://bugzilla.suse.com/1254159 SUSE Bug 1254159 https://bugzilla.suse.com/1254160 SUSE Bug 1254160 https://bugzilla.suse.com/1254480 SUSE Bug 1254480 https://www.suse.com/security/cve/CVE-2025-64505/ SUSE CVE CVE-2025-64505 page https://www.suse.com/security/cve/CVE-2025-64506/ SUSE CVE CVE-2025-64506 page https://www.suse.com/security/cve/CVE-2025-64720/ SUSE CVE CVE-2025-64720 page https://www.suse.com/security/cve/CVE-2025-65018/ SUSE CVE CVE-2025-65018 page https://www.suse.com/security/cve/CVE-2025-66293/ SUSE CVE CVE-2025-66293 page Container bci/openjdk-devel:17 Container bci/openjdk-devel:21 Container bci/openjdk-devel:latest Container bci/openjdk:17 Container bci/openjdk:21 Container bci/openjdk:latest Container private-registry/harbor-portal:latest Container suse/kiosk/firefox-esr:latest Container suse/kiosk/pulseaudio:latest Container suse/kiosk/xorg-client:latest Container suse/kiosk/xorg:latest Container suse/nginx:latest SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 openSUSE Leap 15.6 libpng16-16-1.6.40-150600.3.3.1 libpng16-16-32bit-1.6.40-150600.3.3.1 libpng16-16-64bit-1.6.40-150600.3.3.1 libpng16-compat-devel-1.6.40-150600.3.3.1 libpng16-compat-devel-32bit-1.6.40-150600.3.3.1 libpng16-compat-devel-64bit-1.6.40-150600.3.3.1 libpng16-devel-1.6.40-150600.3.3.1 libpng16-devel-32bit-1.6.40-150600.3.3.1 libpng16-devel-64bit-1.6.40-150600.3.3.1 libpng16-tools-1.6.40-150600.3.3.1 libpng16-16-1.6.40-150600.3.3.1 as a component of Container bci/openjdk-devel:17 libpng16-16-1.6.40-150600.3.3.1 as a component of Container bci/openjdk-devel:21 libpng16-16-1.6.40-150600.3.3.1 as a component of Container bci/openjdk-devel:latest libpng16-16-1.6.40-150600.3.3.1 as a component of Container bci/openjdk:17 libpng16-16-1.6.40-150600.3.3.1 as a component of Container bci/openjdk:21 libpng16-16-1.6.40-150600.3.3.1 as a component of Container bci/openjdk:latest libpng16-16-1.6.40-150600.3.3.1 as a component of Container private-registry/harbor-portal:latest libpng16-16-1.6.40-150600.3.3.1 as a component of Container suse/kiosk/firefox-esr:latest libpng16-16-1.6.40-150600.3.3.1 as a component of Container suse/kiosk/pulseaudio:latest libpng16-16-1.6.40-150600.3.3.1 as a component of Container suse/kiosk/xorg-client:latest libpng16-16-1.6.40-150600.3.3.1 as a component of Container suse/kiosk/xorg:latest libpng16-16-1.6.40-150600.3.3.1 as a component of Container suse/nginx:latest libpng16-16-1.6.40-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libpng16-16-32bit-1.6.40-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libpng16-compat-devel-1.6.40-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libpng16-devel-1.6.40-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libpng16-16-1.6.40-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libpng16-16-32bit-1.6.40-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libpng16-compat-devel-1.6.40-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libpng16-devel-1.6.40-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libpng16-16-1.6.40-150600.3.3.1 as a component of openSUSE Leap 15.6 libpng16-16-32bit-1.6.40-150600.3.3.1 as a component of openSUSE Leap 15.6 libpng16-compat-devel-1.6.40-150600.3.3.1 as a component of openSUSE Leap 15.6 libpng16-compat-devel-32bit-1.6.40-150600.3.3.1 as a component of openSUSE Leap 15.6 libpng16-devel-1.6.40-150600.3.3.1 as a component of openSUSE Leap 15.6 libpng16-devel-32bit-1.6.40-150600.3.3.1 as a component of openSUSE Leap 15.6 libpng16-tools-1.6.40-150600.3.3.1 as a component of openSUSE Leap 15.6 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51. CVE-2025-64505 Container bci/openjdk-devel:17:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk-devel:21:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk-devel:latest:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:17:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:21:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:latest:libpng16-16-1.6.40-150600.3.3.1 Container private-registry/harbor-portal:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/firefox-esr:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/pulseaudio:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/xorg-client:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/xorg:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/nginx:latest:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254494-1/ https://www.suse.com/security/cve/CVE-2025-64505.html CVE-2025-64505 https://bugzilla.suse.com/1254157 SUSE Bug 1254157 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51. CVE-2025-64506 Container bci/openjdk-devel:17:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk-devel:21:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk-devel:latest:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:17:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:21:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:latest:libpng16-16-1.6.40-150600.3.3.1 Container private-registry/harbor-portal:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/firefox-esr:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/pulseaudio:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/xorg-client:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/xorg:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/nginx:latest:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254494-1/ https://www.suse.com/security/cve/CVE-2025-64506.html CVE-2025-64506 https://bugzilla.suse.com/1254158 SUSE Bug 1254158 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha x 257 required by the simplified PNG API. This issue has been patched in version 1.6.51. CVE-2025-64720 Container bci/openjdk-devel:17:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk-devel:21:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk-devel:latest:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:17:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:21:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:latest:libpng16-16-1.6.40-150600.3.3.1 Container private-registry/harbor-portal:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/firefox-esr:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/pulseaudio:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/xorg-client:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/xorg:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/nginx:latest:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254494-1/ https://www.suse.com/security/cve/CVE-2025-64720.html CVE-2025-64720 https://bugzilla.suse.com/1254159 SUSE Bug 1254159 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51. CVE-2025-65018 Container bci/openjdk-devel:17:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk-devel:21:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk-devel:latest:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:17:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:21:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:latest:libpng16-16-1.6.40-150600.3.3.1 Container private-registry/harbor-portal:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/firefox-esr:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/pulseaudio:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/xorg-client:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/xorg:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/nginx:latest:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254494-1/ https://www.suse.com/security/cve/CVE-2025-65018.html CVE-2025-65018 https://bugzilla.suse.com/1254160 SUSE Bug 1254160 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later. CVE-2025-66293 Container bci/openjdk-devel:17:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk-devel:21:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk-devel:latest:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:17:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:21:libpng16-16-1.6.40-150600.3.3.1 Container bci/openjdk:latest:libpng16-16-1.6.40-150600.3.3.1 Container private-registry/harbor-portal:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/firefox-esr:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/pulseaudio:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/xorg-client:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/kiosk/xorg:latest:libpng16-16-1.6.40-150600.3.3.1 Container suse/nginx:latest:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-16-32bit-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-compat-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng16-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-16-32bit-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-compat-devel-1.6.40-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng16-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-16-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-16-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-compat-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-compat-devel-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-devel-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-devel-32bit-1.6.40-150600.3.3.1 openSUSE Leap 15.6:libpng16-tools-1.6.40-150600.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254494-1/ https://www.suse.com/security/cve/CVE-2025-66293.html CVE-2025-66293 https://bugzilla.suse.com/1254480 SUSE Bug 1254480