Security fixes.
https://sourceforge.net/p/libpng/code/ci/libpng16/tree/CHANGES

Plugs CVEs:
CVE-2025-64505: Heap buffer overflow in `png_do_quantize` via malformed palette 
index.
CVE-2025-64506: Heap buffer over-read in `png_write_image_8bit` with 8-bit 
input and `convert_to_8bit` enabled.
CVE-2025-64720: Buffer overflow in `png_image_read_composite` via incorrect 
palette premultiplication.
CVE-2025-65018: Heap buffer overflow in `png_combine_row` triggered via 
`png_image_finish_read`.

Pretty bad, suggest update.

Signed-off-by: Christian Melki <[email protected]>
---
 rules/libpng.make | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/libpng.make b/rules/libpng.make
index 5b0fa8977..8ed76aa67 100644
--- a/rules/libpng.make
+++ b/rules/libpng.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_LIBPNG) += libpng
 #
 # Paths and names
 #
-LIBPNG_VERSION := 1.6.50
-LIBPNG_MD5     := e583e61455c4f40d565d85c0e9a2fbf9
+LIBPNG_VERSION := 1.6.51
+LIBPNG_MD5     := 8781d5eb8285ac70100b75a1d2a5fc5e
 LIBPNG         := libpng-$(LIBPNG_VERSION)
 LIBPNG_SUFFIX  := tar.xz
 LIBPNG_URL     := $(call ptx/mirror, SF, libpng/$(LIBPNG).$(LIBPNG_SUFFIX))
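Review bot: The new `LIBPNG_MD5` value is the only integrity pin for a tarball that `LIBPNG_URL` fetches through the SF mirror, and nothing in the commit message says what it was checked against. MD5 guards against a corrupted download but is not collision resistant, so for a security update it would help to state in the message that the 1.6.51 `tar.xz` was verified against the upstream release signature or published checksum before the hash was recorded. The message could also say explicitly that 1.6.51 is the release carrying all four listed CVE fixes, since the CHANGES link alone does not tie the version bump to them.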
-- 
2.43.0

