WhisperX tag archive

#LIBPNG

This page collects WhisperX intelligence signals tagged #LIBPNG. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (8)

The Lab · 2026-03-30 05:27:02 · GitHub Issues

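1. High-Severity Vulnerability Disclosed in RHEL 9 Java 17 OpenJDK Headless: libpng Heap Buffer Overflow Can Lead to Remote Code Execution

The `java-17-openjdk-headless` package bundled with Red Hat Enterprise Linux 9 (RHEL 9) contains a high-severity security vulnerability that stems from its integration of a flawed libpng library. The vulnerability (CVE-2025-65018) is a heap buffer overflow in the libpng simplified API function `png_image_finish_read`. Using a carefully crafted interlaced PNG image file, an attacker can trigger a heap write beyond the bounds of the allocated buffer when a 16-bit interlaced PNG is processed and converted to an 8-bit output format. This opens the door to remote code execution. The vulnerability affects libpng versions 1.6.0 through 1.6.50. Red Hat has, through security advisory RHS...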

The Lab · 2026-03-30 05:27:04 · GitHub Issues

2. Critical libpng Out-of-Bounds Read Vulnerability (CVE-2025-66293) Affects RHEL 9 Java Package

A critical out-of-bounds read vulnerability in the libpng library, tracked as CVE-2025-66293, exposes systems to potential data leakage. The flaw resides in libpng's simplified API and allows attackers to read up to 1012 bytes of memory beyond the bounds of a specific internal array. Crucially, this vulnerability can b...

The Lab · 2026-04-02 19:27:00 · GitHub Issues

3. Security Alert: 5 HIGH-Severity Vulnerabilities Found in 'news-feed' Container Image

A Trivy security scan has flagged five HIGH-severity vulnerabilities within a critical container image, exposing a potential attack surface for denial-of-service, arbitrary code execution, and information disclosure. The scan, conducted on April 2, 2026, targeted the `7002370412/news-feed:latest` image built on Alpine ...

The Lab · 2026-04-02 19:27:03 · GitHub Issues

4. Security Alert: 5 HIGH Vulnerabilities Found in 'news-feed' Container, Including Critical libpng Flaws

A Trivy security scan has flagged five HIGH-severity vulnerabilities within a critical software component, exposing a potential attack surface for denial-of-service, arbitrary code execution, and information disclosure. The scan, conducted on April 2, 2026, targeted the `7002370412/news-feed:latest` container image, wh...

The Lab · 2026-04-06 05:26:54 · GitHub Issues

5. Critical libpng Out-of-Bounds Read Vulnerability (CVE-2025-66293) Affects RHEL 9 Java Package

A critical out-of-bounds read vulnerability in the libpng library, tracked as CVE-2025-66293, exposes systems to potential data leakage and instability. The flaw resides in libpng's simplified API and allows an attacker to read up to 1012 bytes of memory beyond the bounds of a fixed-size internal array. Crucially, the ...

The Lab · 2026-04-06 05:26:58 · GitHub Issues

7. Critical Heap Buffer Overflow in RHEL 9 Java Package (CVE-2025-65018) - Libpng Vulnerability Patched

A critical heap buffer overflow vulnerability, tracked as CVE-2025-65018, has been patched in the `java-17-openjdk-headless` package for Red Hat Enterprise Linux 9. The flaw originates in the upstream libpng library, a core component for processing PNG image files. Specifically, versions 1.6.0 through 1.6.50 of libpng ...

The Lab · 2026-04-22 20:27:32 · GitHub Issues

8. CVE-2026-34757 Persists in PHP 8.4 Alpine 3.23 Images After Rebuild Attempt

An automated security scan has identified that CVE-2026-34757, a medium-severity vulnerability in libpng, remains unresolved in official PHP 8.4 Docker images built on Alpine 3.23.3. The vulnerability, which affects the libpng package at version 1.6.55-r0, was detected across both CLI and FPM variants after a rebuild w...