Bugzilla Automation <[email protected]> has asked freebsd-desktop (Team) <[email protected]> for maintainer-feedback:
Bug 291266: graphics/png update to 1.6.51
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291266

--- Description ---
upgrade to 1.6.51 fixes 4 vulnerabilities:

- CVE-2025-64505 (moderate severity): Heap buffer overflow in png_do_quantize() via malformed palette index
- CVE-2025-64506 (moderate severity): Heap buffer over-read in png_write_image_8bit() with 8-bit input and convert_to_8bit enabled
- CVE-2025-64720 (high severity): Buffer overflow in png_image_read_composite() via incorrect palette
- CVE-2025-65018 (high severity): Heap buffer overflow in png_combine_row() triggered via png_image_finish_read()

build works, haven't installed it anywhere yet.
