UbuntuUpdates.org

Package "libpng-tools"

Name: libpng-tools

Description:

PNG library - tools (version 1.6)
Latest version: 1.6.37-3ubuntu0.4
Release: jammy (22.04)
Level: security
Repository: main
Head package: libpng1.6
Homepage: http://libpng.org/pub/png/libpng.html

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libpng-tools"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libpng-tools" in Jammy

Repository Area Version
base main 1.6.37-3build5
updates main 1.6.37-3ubuntu0.4

Changelog

Version: 1.6.37-3ubuntu0.4 2026-02-12 23:07:52 UTC

  libpng1.6 (1.6.37-3ubuntu0.4) jammy-security; urgency=medium

  * SECURITY UPDATE: OOB read in png_set_quantize()
    - debian/patches/CVE-2026-25646.patch: fix a heap buffer overflow in
      pngrtran.c.
    - CVE-2026-25646

 -- Marc Deslauriers <email address hidden> Wed, 11 Feb 2026 09:27:33 -0500
Source diff to previous version
CVE-2026-25646 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to

Version: 1.6.37-3ubuntu0.3 2026-01-14 18:07:38 UTC

  libpng1.6 (1.6.37-3ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: OOB in png_image_read_composite
    - debian/patches/CVE-2025-66293-1.patch: validate component size in
      pngread.c.
    - debian/patches/CVE-2025-66293-2.patch: improve fix in pngread.c.
    - CVE-2025-66293
  * SECURITY UPDATE: Heap buffer over-read in png_image_read_direct_scaled
    - debian/patches/CVE-2026-22695.patch: fix memcpy size in pngread.c.
    - CVE-2026-22695
  * SECURITY UPDATE: Integer truncation causing heap buffer over-read
    - debian/patches/CVE-2026-22801.patch: remove incorrect truncation
      casts in CMakeLists.txt, contrib/libtests/pngstest.c, pngwrite.c,
      tests/pngstest-large-stride.
    - CVE-2026-22801

 -- Marc Deslauriers <email address hidden> Mon, 12 Jan 2026 13:14:59 -0500
Source diff to previous version
CVE-2025-66293 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to
CVE-2026-22695 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.
CVE-2026-22801 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.

Version: 1.6.37-3ubuntu0.1 2025-12-11 07:07:38 UTC

  libpng1.6 (1.6.37-3ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: buffer overflow issue
    - debian/patches/CVE-2025-64505.patch: Fix a buffer overflow in
      png_do_quantize
    - debian/patches/CVE-2025-64506.patch: Fix a heap buffer overflow in
      png_write_image_8bit
    - debian/patches/CVE-2025-64720.patch: Fix a buffer overflow in
      png_init_read_transformations
    - debian/patches/CVE-2025-65018.patch: Fix a heap buffer overflow in
      png_image_finish_read
    - CVE-2025-64505
    - CVE-2025-64506
    - CVE-2025-64720
    - CVE-2025-65018

 -- Nishit Majithia <email address hidden> Tue, 09 Dec 2025 17:35:45 +0530
CVE-2025-64505 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to
CVE-2025-64506 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From vers
CVE-2025-64720 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From vers
CVE-2025-65018 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From vers


About   -   Send Feedback to @ubuntu_updates