USN-8081-1

Details

It was discovered that libpng did not properly handle memory when processing certain PNG files. An attacker could possibly use this issue to cause libpng to crash, resulting in a denial of service, or disclose sensitive information. (CVE-2025-64505)

Joshua Inscoe discovered that libpng did not properly handle memory when processing certain PNG files. An attacker could possibly use this issue to cause libpng to crash, resulting in a denial of service, disclose sensitive information, or execute arbitrary code. (CVE-2026-25646)

Affected Packages

libpng

Ubuntu Pro 14.04 LTS

Fixed in:

1.2.50-1ubuntu2.14.04.3+esm1

libpng

Ubuntu Pro 16.04 LTS

Fixed in:

1.2.54-1ubuntu1.1+esm2

References

REPORT

https://ubuntu.com/security/CVE-2025-64505

REPORT

https://ubuntu.com/security/CVE-2026-25646

ADVISORY

https://ubuntu.com/security/notices/USN-8081-1