Ubuntu alert USN-7993-1 (libpng1.6)

From:
             
 
noreply+usn-bot@canonical.com
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-7993-1] libpng vulnerabilities
Date:
             
 
Tue, 03 Feb 2026 00:06:16 +0000
Message-ID:
             
 
<E1vn3vs-0003JZ-Ey@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-7993-1
February 02, 2026

libpng1.6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

libpng could be made to crash if it opened a specially crafted file.

Software Description:
- libpng1.6: PNG (Portable Network Graphics) file library

Details:

It was discovered that libpng incorrectly handled memory when processing
certain malformed PNG files. If a user or automated system were tricked
into opening a specially crafted PNG file, an attacker could use this issue
to cause libpng to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libpng16-16t64                  1.6.43-5ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7993-1
  CVE-2025-28162, CVE-2025-28164

Package Information:
  https://launchpad.net/ubuntu/+source/libpng1.6/1.6.43-5ub...


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmmBO+MACgkQcpJm3tlz
hgGKRg/+JZokVpG0/sS/DmIBMAouJQNZ7OuDfIEaA4Jc0afFpaJGZ30xp/399uoN
4+qchShurpNnuqRHXuD3wcTGaMsSSk+YaY3QzeNWX63s3LhS54q/nB5ptaICilwt
/Amh7106kKA7LuKWBh+WQ9Gy2NcE2n8FAjnbo+pHN5RMxjLwYweDRy6lWRdDEG0W
90R90EGb4rbTmKI62MrmQzNZ6fRLudZdjH2WK1CckWPkxyODcfp/XnS3iQyb6p7w
HAdsDzikIGdby67+hXojPsb17z7JSBCw5e5oDRpTXZtn2le61yIlrzuuZkdnIQqD
KG0g/wJEwyhBo6P8cRFPaKbmvOsV5bZTlM14wEW9j/l0tf6lF/oM1NLQpNxo2SeQ
q5J84HGJB7PfYE/aHPYjEbo2Wo6cjJd7mToFTtDcwiWbX8jXUwhy2JpJrY8r2LVC
zg72URv2yTOjyFrxWgE2+DpAFlyffIFcfectYal+5dObW1wqqItkJFHcWxWAjkgE
PRa7GezY0FQfGR1xEp06Ubj7BU68F7TAostp8A75FHTB31vq2GE25ho3qPC/0BJX
nLY0YvO/FDI57faUDtKmCpoA2shZIkdxHjvwdE0FEo0Lhog1hg5BkBWm9G13V9jG
xYQ2ZTiNQHt1s3Sy6qch5dLTEvfkUCCYwk6Gpw7/rXVAxzaG4iQ=
=UTEG
-----END PGP SIGNATURE-----