vulnerability

Oracle Linux: CVE-2025-64720: ELSA-2026-0125: mingw-libpng security update (IMPORTANT) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:M/Au:N/C:P/I:N/A:C)	Nov 24, 2025	Jan 9, 2026	Jan 29, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:C)

Published

Nov 24, 2025

Added

Jan 9, 2026

Modified

Jan 29, 2026

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.

Solutions

oracle-linux-upgrade-java-17-openjdkoracle-linux-upgrade-java-17-openjdk-demooracle-linux-upgrade-java-17-openjdk-demo-fastdebugoracle-linux-upgrade-java-17-openjdk-demo-slowdebugoracle-linux-upgrade-java-17-openjdk-develoracle-linux-upgrade-java-17-openjdk-devel-fastdebugoracle-linux-upgrade-java-17-openjdk-devel-slowdebugoracle-linux-upgrade-java-17-openjdk-fastdebugoracle-linux-upgrade-java-17-openjdk-headlessoracle-linux-upgrade-java-17-openjdk-headless-fastdebugoracle-linux-upgrade-java-17-openjdk-headless-slowdebugoracle-linux-upgrade-java-17-openjdk-javadocoracle-linux-upgrade-java-17-openjdk-javadoc-ziporacle-linux-upgrade-java-17-openjdk-jmodsoracle-linux-upgrade-java-17-openjdk-jmods-fastdebugoracle-linux-upgrade-java-17-openjdk-jmods-slowdebugoracle-linux-upgrade-java-17-openjdk-slowdebugoracle-linux-upgrade-java-17-openjdk-srcoracle-linux-upgrade-java-17-openjdk-src-fastdebugoracle-linux-upgrade-java-17-openjdk-src-slowdebugoracle-linux-upgrade-java-17-openjdk-static-libsoracle-linux-upgrade-java-17-openjdk-static-libs-fastdebugoracle-linux-upgrade-java-17-openjdk-static-libs-slowdebugoracle-linux-upgrade-java-1-8-0-openjdkoracle-linux-upgrade-java-1-8-0-openjdk-accessibilityoracle-linux-upgrade-java-1-8-0-openjdk-accessibility-fastdebugoracle-linux-upgrade-java-1-8-0-openjdk-accessibility-slowdebugoracle-linux-upgrade-java-1-8-0-openjdk-demooracle-linux-upgrade-java-1-8-0-openjdk-demo-fastdebugoracle-linux-upgrade-java-1-8-0-openjdk-demo-slowdebugoracle-linux-upgrade-java-1-8-0-openjdk-develoracle-linux-upgrade-java-1-8-0-openjdk-devel-fastdebugoracle-linux-upgrade-java-1-8-0-openjdk-devel-slowdebugoracle-linux-upgrade-java-1-8-0-openjdk-fastdebugoracle-linux-upgrade-java-1-8-0-openjdk-headlessoracle-linux-upgrade-java-1-8-0-openjdk-headless-fastdebugoracle-linux-upgrade-java-1-8-0-openjdk-headless-slowdebugoracle-linux-upgrade-java-1-8-0-openjdk-javadocoracle-linux-upgrade-java-1-8-0-openjdk-javadoc-ziporacle-linux-upgrade-java-1-8-0-openjdk-slowdebugoracle-linux-upgrade-java-1-8-0-openjdk-srcoracle-linux-upgrade-java-1-8-0-openjdk-src-fastdebugoracle-linux-upgrade-java-1-8-0-openjdk-src-slowdebugoracle-linux-upgrade-java-21-openjdkoracle-linux-upgrade-java-21-openjdk-demooracle-linux-upgrade-java-21-openjdk-demo-fastdebugoracle-linux-upgrade-java-21-openjdk-demo-slowdebugoracle-linux-upgrade-java-21-openjdk-develoracle-linux-upgrade-java-21-openjdk-devel-fastdebugoracle-linux-upgrade-java-21-openjdk-devel-slowdebugoracle-linux-upgrade-java-21-openjdk-fastdebugoracle-linux-upgrade-java-21-openjdk-headlessoracle-linux-upgrade-java-21-openjdk-headless-fastdebugoracle-linux-upgrade-java-21-openjdk-headless-slowdebugoracle-linux-upgrade-java-21-openjdk-javadocoracle-linux-upgrade-java-21-openjdk-javadoc-ziporacle-linux-upgrade-java-21-openjdk-jmodsoracle-linux-upgrade-java-21-openjdk-jmods-fastdebugoracle-linux-upgrade-java-21-openjdk-jmods-slowdebugoracle-linux-upgrade-java-21-openjdk-slowdebugoracle-linux-upgrade-java-21-openjdk-srcoracle-linux-upgrade-java-21-openjdk-src-fastdebugoracle-linux-upgrade-java-21-openjdk-src-slowdebugoracle-linux-upgrade-java-21-openjdk-static-libsoracle-linux-upgrade-java-21-openjdk-static-libs-fastdebugoracle-linux-upgrade-java-21-openjdk-static-libs-slowdebugoracle-linux-upgrade-libpngoracle-linux-upgrade-libpng-develoracle-linux-upgrade-libpng-staticoracle-linux-upgrade-mingw32-libpngoracle-linux-upgrade-mingw32-libpng-staticoracle-linux-upgrade-mingw64-libpngoracle-linux-upgrade-mingw64-libpng-static

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today