[ubuntu/plucky-security] libpng1.6 1.6.47-1.1ubuntu0.3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Jan 14 16:35:44 UTC 2026
libpng1.6 (1.6.47-1.1ubuntu0.3) plucky-security; urgency=medium

  * SECURITY UPDATE: OOB in png_image_read_composite
    - debian/patches/CVE-2025-66293-1.patch: validate component size in
      pngread.c.
    - debian/patches/CVE-2025-66293-2.patch: improve fix in pngread.c.
    - CVE-2025-66293
  * SECURITY UPDATE: Heap buffer over-read in png_image_read_direct_scaled
    - debian/patches/CVE-2026-22695.patch: fix memcpy size in pngread.c.
    - CVE-2026-22695
  * SECURITY UPDATE: Integer truncation causing heap buffer over-read
    - debian/patches/CVE-2026-22801.patch: remove incorrect truncation
      casts in CMakeLists.txt, contrib/libtests/pngstest.c, pngwrite.c,
      tests/pngstest-large-stride.
    - CVE-2026-22801

Date: 2026-01-13 15:07:11.740231+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.47-1.1ubuntu0.3