https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291266
Bug ID: 291266
Summary: graphics/png update to 1.6.51
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: [email protected]
Reporter: [email protected]
Assignee: [email protected]
Flags: maintainer-feedback?([email protected])
Created attachment 265690
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=265690&action=edit
patch to update png to 1.6.51
upgrade to 1.6.51 fixes 4 vulnerabilities:
- CVE-2025-64505 (moderate severity): Heap buffer overflow in png_do_quantize()
via malformed palette index
- CVE-2025-64506 (moderate severity): Heap buffer over-read in
png_write_image_8bit() with 8-bit input and convert_to_8bit enabled
- CVE-2025-64720 (high severity): Buffer overflow in png_image_read_composite()
via incorrect palette
- CVE-2025-65018 (high severity): Heap buffer overflow in png_combine_row()
triggered via png_image_finish_read()
build works, haven't installed it anywhere yet.
--
You are receiving this mail because:
You are the assignee for the bug.
