Date: Fri, 05 Dec 2025 06:16:20 +0000 From: Charlie Li <vishwin@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Cc: Polarian <polarian@polarian.dev> Subject: git: df1135a895c3 - main - security/vuxml: Out of bounds read in graphics/png Message-ID: <693278b4.c5c7.5114f6f0@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by vishwin: URL: https://cgit.FreeBSD.org/ports/commit/?id=df1135a895c37fcc13ad9e435f48cfb3f5df5c49 commit df1135a895c37fcc13ad9e435f48cfb3f5df5c49 Author: Polarian <polarian@polarian.dev> AuthorDate: 2025-12-05 02:36:48 +0000 Commit: Charlie Li <vishwin@FreeBSD.org> CommitDate: 2025-12-05 06:14:17 +0000 security/vuxml: Out of bounds read in graphics/png PR: 291266, 291410 --- security/vuxml/vuln/2025.xml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 8ddea6b75286..30fc9668a946 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,34 @@ + <vuln vid="f323f148-d181-11f0-841f-843a4b343614"> + <topic>png -- Out-of-bounds read</topic> + <affects> + <package> + <name>png</name> + <range><lt>1.6.52</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f reports:</p> + <blockquote cite="https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f">; + <p>Prior to 1.6.52, an out-of-bounds read vulnerability in + libpng's simplified API allows reading up to 1012 bytes beyond the + png_sRGB_base[512] array when processing valid palette PNG images + with partial transparency and gamma correction. The PNG files that + trigger this vulnerability are valid per the PNG specification; the + bug is in libpng's internal state management.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-66293</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2025-66293</url>; + </references> + <dates> + <discovery>2025-12-03</discovery> + <entry>2025-12-05</entry> + </dates> + </vuln> + <vuln vid="be3167b5-d140-11f0-ad27-c01803b56cc4"> <topic>libvirt -- Multiple vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?693278b4.c5c7.5114f6f0>