BDU:2025-15390
PUBLISHED
CVSS 8.5 HIGH
A vulnerability in the png_image_read_composite() function of the libpng library that allows an attacker to affect the confidentiality and availability of protected information
Risk Scores
CVSS 2.0
8.5
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat Inc., Novell Inc., Free software community, АО «ИВК», Guy Eric Schalnat, Andreas Dilger, Glenn Randers-Pehrson | Red Hat Enterprise Linux, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, OpenSUSE Leap, Suse Linux Enterprise Server, Debian GNU/Linux, Red Hat build of OpenJDK, Red Hat OpenShift Container Platform, openSUSE Leap Micro, АЛЬТ СП 10, libpng | |
Timeline
- Dec 8, 2025 CVE Published
- Dec 26, 2025 CVE Updated
References
- https://www.openwall.com/lists/oss-security/2025/12/03/6
- https://www.openwall.com/lists/oss-security/2025/12/03/7
- https://www.openwall.com/lists/oss-security/2025/12/03/8
- https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1
- https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a
- https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f
- https://www.cybersecurity-help.cz/vdb/SB2025120348
- https://access.redhat.com/security/cve/cve-2025-66293
- https://www.suse.com/security/cve/CVE-2025-66293.html
- https://security-tracker.debian.org/tracker/CVE-2025-66293
- https://altsp.su/obnovleniya-bezopasnosti/