UbuntuUpdates.org

Package "libpng-tools"

Name: libpng-tools

Description:

PNG library - tools (version 1.6)
Latest version: 1.6.43-5ubuntu0.5
Release: noble (24.04)
Level: security
Repository: main
Head package: libpng1.6
Homepage: http://libpng.org/pub/png/libpng.html

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libpng-tools"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libpng-tools" in Noble

Repository Area Version
base main 1.6.43-5build1
updates main 1.6.43-5ubuntu0.5

Changelog

Version: 1.6.43-5ubuntu0.5 2026-02-12 23:08:03 UTC

  libpng1.6 (1.6.43-5ubuntu0.5) noble-security; urgency=medium

  * SECURITY UPDATE: OOB read in png_set_quantize()
    - debian/patches/CVE-2026-25646.patch: fix a heap buffer overflow in
      pngrtran.c.
    - CVE-2026-25646

 -- Marc Deslauriers <email address hidden> Wed, 11 Feb 2026 09:27:12 -0500
Source diff to previous version
CVE-2026-25646 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to

Version: 1.6.43-5ubuntu0.4 2026-02-02 17:08:11 UTC

  libpng1.6 (1.6.43-5ubuntu0.4) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via buffer overflow caused by memory leaks
    - debian/patches/CVE-2025-2816x.patch: clean up on user/internal errors
      in contrib/libtests/pngimage.c, pngerror.c.
    - CVE-2025-28162
    - CVE-2025-28164

 -- Marc Deslauriers <email address hidden> Thu, 29 Jan 2026 11:18:41 -0500
Source diff to previous version
CVE-2025-2816 The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing cap
CVE-2025-28162 Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (AS
CVE-2025-28164 Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.

Version: 1.6.43-5ubuntu0.3 2026-01-14 18:07:40 UTC

  libpng1.6 (1.6.43-5ubuntu0.3) noble-security; urgency=medium

  * SECURITY UPDATE: OOB in png_image_read_composite
    - debian/patches/CVE-2025-66293-1.patch: validate component size in
      pngread.c.
    - debian/patches/CVE-2025-66293-2.patch: improve fix in pngread.c.
    - CVE-2025-66293
  * SECURITY UPDATE: Heap buffer over-read in png_image_read_direct_scaled
    - debian/patches/CVE-2026-22695.patch: fix memcpy size in pngread.c.
    - CVE-2026-22695
  * SECURITY UPDATE: Integer truncation causing heap buffer over-read
    - debian/patches/CVE-2026-22801.patch: remove incorrect truncation
      casts in CMakeLists.txt, contrib/libtests/pngstest.c, pngwrite.c,
      tests/pngstest-large-stride.
    - CVE-2026-22801

 -- Marc Deslauriers <email address hidden> Mon, 12 Jan 2026 13:14:03 -0500
Source diff to previous version
CVE-2025-66293 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to
CVE-2026-22695 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.
CVE-2026-22801 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.

Version: 1.6.43-5ubuntu0.1 2025-12-11 07:07:40 UTC

  libpng1.6 (1.6.43-5ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: buffer overflow issue
    - debian/patches/CVE-2025-64505.patch: Fix a buffer overflow in
      png_do_quantize
    - debian/patches/CVE-2025-64506.patch: Fix a heap buffer overflow in
      png_write_image_8bit
    - debian/patches/CVE-2025-64720.patch: Fix a buffer overflow in
      png_init_read_transformations
    - debian/patches/CVE-2025-65018.patch: Fix a heap buffer overflow in
      png_image_finish_read
    - CVE-2025-64505
    - CVE-2025-64506
    - CVE-2025-64720
    - CVE-2025-65018

 -- Nishit Majithia <email address hidden> Tue, 09 Dec 2025 17:36:48 +0530
CVE-2025-64505 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to
CVE-2025-64506 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From vers
CVE-2025-64720 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From vers
CVE-2025-65018 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From vers


About   -   Send Feedback to @ubuntu_updates