VulnerableCode Package Details - pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-uxj6-4181-rygt Aliases: CVE-2025-28164	libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function	1.6.39-2+deb12u4 Affected by 0 other vulnerabilities.
VCID-uxqz-nx2v-6yc5 Aliases: CVE-2025-28162	libpng: libpng: Denial of Service via buffer overflow in pngimage utility	1.6.39-2+deb12u4 Affected by 0 other vulnerabilities.
VCID-zmjn-418h-ebg8 Aliases: CVE-2026-34757		1.6.39-2+deb12u4 Affected by 0 other vulnerabilities. 1.6.48-1+deb13u4 Affected by 0 other vulnerabilities. 1.6.57-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-uxj6-4181-rygt
Aliases:
CVE-2025-28164

libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function

1.6.39-2+deb12u4
Affected by 0 other vulnerabilities.

VCID-uxqz-nx2v-6yc5
Aliases:
CVE-2025-28162

libpng: libpng: Denial of Service via buffer overflow in pngimage utility

1.6.39-2+deb12u4
Affected by 0 other vulnerabilities.

VCID-zmjn-418h-ebg8
Aliases:
CVE-2026-34757

1.6.39-2+deb12u4
Affected by 0 other vulnerabilities.

1.6.48-1+deb13u4
Affected by 0 other vulnerabilities.

1.6.57-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7923-9g38-jqc3	Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.	CVE-2025-65018
VCID-7qam-er5a-gbas	libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API	CVE-2026-22801
VCID-dm7h-c7wt-1kbs	libpng: libpng: Arbitrary code execution due to use-after-free vulnerability	CVE-2026-33416
VCID-gk2b-sstt-2fgh	libpng: memory leak of png_info struct in pngcp.c	CVE-2019-6129
VCID-j7dk-wzkm-tfcr	libpng: LIBPNG out-of-bounds read in png_image_read_composite	CVE-2025-66293
VCID-kwag-k17x-kyaj	Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.	CVE-2025-64505
VCID-n4kj-urjq-2uav	Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.	CVE-2025-64720
VCID-p6b5-1ba6-b3f8	Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.	CVE-2025-64506
VCID-ptgq-884e-mkft	libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion	CVE-2026-33636
VCID-rm7f-ybuf-dyfq	libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read	CVE-2026-22695
VCID-xyhj-84d1-dqh3	libpng: LIBPNG has a heap buffer overflow in png_set_quantize	CVE-2026-25646

Vulnerability

Summary

Aliases

VCID-7923-9g38-jqc3

Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

CVE-2025-65018

VCID-7qam-er5a-gbas

libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API

CVE-2026-22801

VCID-dm7h-c7wt-1kbs

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

CVE-2026-33416

VCID-gk2b-sstt-2fgh

libpng: memory leak of png_info struct in pngcp.c

CVE-2019-6129

VCID-j7dk-wzkm-tfcr

libpng: LIBPNG out-of-bounds read in png_image_read_composite

CVE-2025-66293

VCID-kwag-k17x-kyaj

Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

CVE-2025-64505

VCID-n4kj-urjq-2uav

Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

CVE-2025-64720

VCID-p6b5-1ba6-b3f8

Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

CVE-2025-64506

VCID-ptgq-884e-mkft

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

CVE-2026-33636

VCID-rm7f-ybuf-dyfq

libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read

CVE-2026-22695

VCID-xyhj-84d1-dqh3

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

CVE-2026-25646

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:49:04.811086+00:00	Debian Importer	Affected by	VCID-uxj6-4181-rygt	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:08:30.555419+00:00	Debian Importer	Affected by	VCID-uxqz-nx2v-6yc5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:00:17.877293+00:00	Debian Importer	Affected by	VCID-zmjn-418h-ebg8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:37:33.944494+00:00	Debian Importer	Fixing	VCID-gk2b-sstt-2fgh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T01:15:17.945852+00:00	Debian Oval Importer	Fixing	VCID-dm7h-c7wt-1kbs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-16T01:14:55.492633+00:00	Debian Oval Importer	Fixing	VCID-ptgq-884e-mkft	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T22:21:12.804046+00:00	Debian Oval Importer	Fixing	VCID-j7dk-wzkm-tfcr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T21:04:51.373012+00:00	Debian Oval Importer	Fixing	VCID-p6b5-1ba6-b3f8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:20:21.790435+00:00	Debian Oval Importer	Fixing	VCID-7qam-er5a-gbas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T19:35:41.331173+00:00	Debian Oval Importer	Fixing	VCID-7923-9g38-jqc3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:03:40.690404+00:00	Debian Oval Importer	Fixing	VCID-rm7f-ybuf-dyfq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:00:56.674696+00:00	Debian Oval Importer	Fixing	VCID-n4kj-urjq-2uav	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:16:56.743956+00:00	Debian Oval Importer	Fixing	VCID-xyhj-84d1-dqh3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:07:56.580823+00:00	Debian Oval Importer	Fixing	VCID-kwag-k17x-kyaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-14T00:39:09.651621+00:00	Debian Importer	Affected by	VCID-zmjn-418h-ebg8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:53:20.690249+00:00	Debian Importer	Affected by	VCID-uxqz-nx2v-6yc5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:33:36.689821+00:00	Debian Importer	Affected by	VCID-uxj6-4181-rygt	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T00:47:06.520726+00:00	Debian Oval Importer	Fixing	VCID-dm7h-c7wt-1kbs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-12T00:46:44.339377+00:00	Debian Oval Importer	Fixing	VCID-ptgq-884e-mkft	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:58:37.733289+00:00	Debian Oval Importer	Fixing	VCID-j7dk-wzkm-tfcr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:44:55.594847+00:00	Debian Oval Importer	Fixing	VCID-p6b5-1ba6-b3f8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:02:02.210082+00:00	Debian Oval Importer	Fixing	VCID-7qam-er5a-gbas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T19:18:25.194164+00:00	Debian Oval Importer	Fixing	VCID-7923-9g38-jqc3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:49:24.033119+00:00	Debian Oval Importer	Fixing	VCID-rm7f-ybuf-dyfq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:48:05.620735+00:00	Debian Importer	Fixing	VCID-gk2b-sstt-2fgh	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T16:47:32.030303+00:00	Debian Oval Importer	Fixing	VCID-n4kj-urjq-2uav	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:04:16.983419+00:00	Debian Oval Importer	Fixing	VCID-xyhj-84d1-dqh3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:55:26.694882+00:00	Debian Oval Importer	Fixing	VCID-kwag-k17x-kyaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-09T00:16:50.703530+00:00	Debian Oval Importer	Fixing	VCID-dm7h-c7wt-1kbs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-09T00:16:28.160205+00:00	Debian Oval Importer	Fixing	VCID-ptgq-884e-mkft	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:35:48.878894+00:00	Debian Oval Importer	Fixing	VCID-j7dk-wzkm-tfcr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:24:46.172093+00:00	Debian Oval Importer	Fixing	VCID-p6b5-1ba6-b3f8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T19:43:43.722309+00:00	Debian Oval Importer	Fixing	VCID-7qam-er5a-gbas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T19:02:13.807609+00:00	Debian Oval Importer	Fixing	VCID-7923-9g38-jqc3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:34:51.670576+00:00	Debian Importer	Affected by	VCID-uxqz-nx2v-6yc5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:21:34.023374+00:00	Debian Importer	Affected by	VCID-uxj6-4181-rygt	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T17:36:36.298555+00:00	Debian Oval Importer	Fixing	VCID-rm7f-ybuf-dyfq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:37:47.580190+00:00	Debian Oval Importer	Fixing	VCID-n4kj-urjq-2uav	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:57:05.927466+00:00	Debian Oval Importer	Fixing	VCID-xyhj-84d1-dqh3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:48:40.792572+00:00	Debian Oval Importer	Fixing	VCID-kwag-k17x-kyaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T05:48:21.009349+00:00	Debian Importer	Fixing	VCID-gk2b-sstt-2fgh	https://security-tracker.debian.org/tracker/data/json	38.1.0

2026-04-16T09:49:04.811086+00:00

Debian Importer

Affected by

VCID-uxj6-4181-rygt

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T09:08:30.555419+00:00

Debian Importer

Affected by

VCID-uxqz-nx2v-6yc5

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T09:00:17.877293+00:00

Debian Importer

Affected by

VCID-zmjn-418h-ebg8

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T08:37:33.944494+00:00

Debian Importer

Fixing

VCID-gk2b-sstt-2fgh

https://security-tracker.debian.org/tracker/data/json

38.4.0

2026-04-16T01:15:17.945852+00:00

Debian Oval Importer

Fixing

VCID-dm7h-c7wt-1kbs

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.4.0

2026-04-16T01:14:55.492633+00:00

Debian Oval Importer

Fixing

VCID-ptgq-884e-mkft

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.4.0

2026-04-15T22:21:12.804046+00:00

Debian Oval Importer

Fixing

VCID-j7dk-wzkm-tfcr

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.4.0

2026-04-15T21:04:51.373012+00:00

Debian Oval Importer

Fixing

VCID-p6b5-1ba6-b3f8

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.4.0

2026-04-15T20:20:21.790435+00:00

Debian Oval Importer

Fixing

VCID-7qam-er5a-gbas

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.4.0

2026-04-15T19:35:41.331173+00:00

Debian Oval Importer

Fixing

VCID-7923-9g38-jqc3

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.4.0

2026-04-15T18:03:40.690404+00:00

Debian Oval Importer

Fixing

VCID-rm7f-ybuf-dyfq

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.4.0

2026-04-15T17:00:56.674696+00:00

Debian Oval Importer

Fixing

VCID-n4kj-urjq-2uav

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.4.0

2026-04-15T16:16:56.743956+00:00

Debian Oval Importer

Fixing

VCID-xyhj-84d1-dqh3

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.4.0

2026-04-15T16:07:56.580823+00:00

Debian Oval Importer

Fixing

VCID-kwag-k17x-kyaj

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.4.0

2026-04-14T00:39:09.651621+00:00

Debian Importer

Affected by

VCID-zmjn-418h-ebg8

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-13T06:53:20.690249+00:00

Debian Importer

Affected by

VCID-uxqz-nx2v-6yc5

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-13T06:33:36.689821+00:00

Debian Importer

Affected by

VCID-uxj6-4181-rygt

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-12T00:47:06.520726+00:00

Debian Oval Importer

Fixing

VCID-dm7h-c7wt-1kbs

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.3.0

2026-04-12T00:46:44.339377+00:00

Debian Oval Importer

Fixing

VCID-ptgq-884e-mkft

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.3.0

2026-04-11T21:58:37.733289+00:00

Debian Oval Importer

Fixing

VCID-j7dk-wzkm-tfcr

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.3.0

2026-04-11T20:44:55.594847+00:00

Debian Oval Importer

Fixing

VCID-p6b5-1ba6-b3f8

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.3.0

2026-04-11T20:02:02.210082+00:00

Debian Oval Importer

Fixing

VCID-7qam-er5a-gbas

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.3.0

2026-04-11T19:18:25.194164+00:00

Debian Oval Importer

Fixing

VCID-7923-9g38-jqc3

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.3.0

2026-04-11T17:49:24.033119+00:00

Debian Oval Importer

Fixing

VCID-rm7f-ybuf-dyfq

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.3.0

2026-04-11T17:48:05.620735+00:00

Debian Importer

Fixing

VCID-gk2b-sstt-2fgh

https://security-tracker.debian.org/tracker/data/json

38.3.0

2026-04-11T16:47:32.030303+00:00

Debian Oval Importer

Fixing

VCID-n4kj-urjq-2uav

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.3.0

2026-04-11T16:04:16.983419+00:00

Debian Oval Importer

Fixing

VCID-xyhj-84d1-dqh3

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.3.0

2026-04-11T15:55:26.694882+00:00

Debian Oval Importer

Fixing

VCID-kwag-k17x-kyaj

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.3.0

2026-04-09T00:16:50.703530+00:00

Debian Oval Importer

Fixing

VCID-dm7h-c7wt-1kbs

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.1.0

2026-04-09T00:16:28.160205+00:00

Debian Oval Importer

Fixing

VCID-ptgq-884e-mkft

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.1.0

2026-04-08T21:35:48.878894+00:00

Debian Oval Importer

Fixing

VCID-j7dk-wzkm-tfcr

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.1.0

2026-04-08T20:24:46.172093+00:00

Debian Oval Importer

Fixing

VCID-p6b5-1ba6-b3f8

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.1.0

2026-04-08T19:43:43.722309+00:00

Debian Oval Importer

Fixing

VCID-7qam-er5a-gbas

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.1.0

2026-04-08T19:02:13.807609+00:00

Debian Oval Importer

Fixing

VCID-7923-9g38-jqc3

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.1.0

2026-04-08T18:34:51.670576+00:00

Debian Importer

Affected by

VCID-uxqz-nx2v-6yc5

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-08T18:21:34.023374+00:00

Debian Importer

Affected by

VCID-uxj6-4181-rygt

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-08T17:36:36.298555+00:00

Debian Oval Importer

Fixing

VCID-rm7f-ybuf-dyfq

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.1.0

2026-04-08T16:37:47.580190+00:00

Debian Oval Importer

Fixing

VCID-n4kj-urjq-2uav

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.1.0

2026-04-08T15:57:05.927466+00:00

Debian Oval Importer

Fixing

VCID-xyhj-84d1-dqh3

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.1.0

2026-04-08T15:48:40.792572+00:00

Debian Oval Importer

Fixing

VCID-kwag-k17x-kyaj

https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2

38.1.0

2026-04-07T05:48:21.009349+00:00

Debian Importer

Fixing

VCID-gk2b-sstt-2fgh

https://security-tracker.debian.org/tracker/data/json

38.1.0

Next non-vulnerable version	1.6.39-2+deb12u4
Latest non-vulnerable version	1.6.57-1
Risk	2.8