Security update for libpng16 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0085-1 Final 1 1 2026-01-09T15:01:38Z current 2026-01-09T15:01:38Z 2026-01-09T15:01:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libpng16 This update for libpng16 fixes the following issues: - CVE-2025-66293: out-of-bounds read of the `png_sRGB_base` array when processing palette PNG images with partial transparency and gamma correction (bsc#1254480). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-85,SUSE-SLE-SERVER-12-SP5-LTSS-2026-85,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-85 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260085-1/ Link for SUSE-SU-2026:0085-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023730.html E-Mail link for SUSE-SU-2026:0085-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1254480 SUSE Bug 1254480 https://www.suse.com/security/cve/CVE-2025-66293/ SUSE CVE CVE-2025-66293 page SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libpng16-16-1.6.8-15.12.1 libpng16-16-32bit-1.6.8-15.12.1 libpng16-16-64bit-1.6.8-15.12.1 libpng16-compat-devel-1.6.8-15.12.1 libpng16-compat-devel-32bit-1.6.8-15.12.1 libpng16-compat-devel-64bit-1.6.8-15.12.1 libpng16-devel-1.6.8-15.12.1 libpng16-devel-32bit-1.6.8-15.12.1 libpng16-devel-64bit-1.6.8-15.12.1 libpng16-tools-1.6.8-15.12.1 libpng16-16-1.6.8-15.12.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libpng16-16-32bit-1.6.8-15.12.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libpng16-compat-devel-1.6.8-15.12.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libpng16-devel-1.6.8-15.12.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libpng16-16-1.6.8-15.12.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libpng16-16-32bit-1.6.8-15.12.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libpng16-compat-devel-1.6.8-15.12.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libpng16-devel-1.6.8-15.12.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later. CVE-2025-66293 SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-32bit-1.6.8-15.12.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-16-1.6.8-15.12.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-16-32bit-1.6.8-15.12.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-compat-devel-1.6.8-15.12.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libpng16-devel-1.6.8-15.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260085-1/ https://www.suse.com/security/cve/CVE-2025-66293.html CVE-2025-66293 https://bugzilla.suse.com/1254480 SUSE Bug 1254480