Ubuntu alert USN-7963-1 (libpng1.6)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7963-1] libpng vulnerabilities | |
| Date: | Wed, 14 Jan 2026 17:16:09 +0000 | |
| Message-ID: | <E1vg4TZ-0000fZ-KI@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7963-1 January 14, 2026 libpng1.6 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in libpng. Software Description: - libpng1.6: PNG (Portable Network Graphics) file library Details: It was discovered that the libpng simplified API incorrectly processed palette PNG images with partial transparency and gamma correction. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-66293) Petr Simecek, Stanislav Fort and Pavel Kohout discovered that the libpng simplified API incorrectly processed interlaced 16-bit PNGs with 8-bit output format and non-minimal row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22695) Cosmin Truta discovered that the libpng simplified API incorrectly handled invalid row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22801) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 libpng16-16t64 1.6.50-1ubuntu0.3 Ubuntu 25.04 libpng16-16t64 1.6.47-1.1ubuntu0.3 Ubuntu 24.04 LTS libpng16-16t64 1.6.43-5ubuntu0.3 Ubuntu 22.04 LTS libpng16-16 1.6.37-3ubuntu0.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7963-1 CVE-2025-66293, CVE-2026-22695, CVE-2026-22801 Package Information: https://launchpad.net/ubuntu/+source/libpng1.6/1.6.50-1ub... https://launchpad.net/ubuntu/+source/libpng1.6/1.6.47-1.1... https://launchpad.net/ubuntu/+source/libpng1.6/1.6.43-5ub... https://launchpad.net/ubuntu/+source/libpng1.6/1.6.37-3ub...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmlnz04ACgkQcpJm3tlz hgGLaBAAxkqlfo0+vdttXwIjuBXKgiHs1D8DXCZK8u2GnclgBnsQIEkqwv931Jio 5a54ZBCKrv25/yAqLqpQrpPo12aWTr6+D1ce/7jDN0Ws99izENeWfufqeCn0EPKy q3MOpKiBq2LFssUH5DI/a5KNaf7L1bjHL+VZv8IowUThWV10BH4Dm0GDQ/6eJ5fS 696QmTA/59347bnoDtmFthyga9qFEfrMOib9YnbWKVN6vXqXHUWgDZMRq8dljnz1 41LQk9IsBH2zDC6QVt5CWKQljEX1Dm3HLMD9YAMqJKVWYvc1CS0VP65FH7VE8tLR Lcv71gmqSYKDnqTWKmL2JiXTsqUcQ3uDFYC8kiyeBkLOmIvaf8mTzhjS6hHugKFZ IfSVE0oD/sWWx2ieNlR+i11BqDAiJJaUx4WNwSeG7OzoGdL0W1HxwyKVZPIbRthd KbzVHsGJAbOU1ViSG1w4A2AsLlBBQDcZFzIw8aC2gjLWVBfky6AJIXu9ilc4Y5zW eOZ6sE0H8b2L4raI02Fz07Iv92zYpb3JdrJKFWGg79Yr6pxJR8FPVQh//UgcsmyF 0+GvE5ERXgiQLzmcAuIMWCO0Cp0wIecUnuvVr7WvlLTw6p0OWeggQDG5OprTXduV f2DK2s9WxC3YziRJb9e7qY2IhRFLQE+++M/EaXUTGtpbAyUD+qU= =iwAe -----END PGP SIGNATURE-----