View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2025-64720 severity moderate: SUSE including 538 source package names (2.0.4-5.8.229:libpng16-16-1.6.34-150000.3.12.1, 2.1.3-7.76:libpng16-16-1.6.43-slfo.1.1_2.1, …), 1065 product×package rows across 319 product lines (Container private-registry/harbor-portal, Container suse/manager/5.0/x86_64/server, … (319 product lines)): Fixed 744, Known Affected 231, Known Not Affected 83, First Fixed 7.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha x 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.