CVE-2025-65018 (GCVE-0-2025-65018)
Vulnerability from cvelistv5 – Published: 2025-11-24 23:50 – Updated: 2025-11-25 19:29
VLAI
EPSS
Title
LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
Severity
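7.1 (High) – CVSS v3.1 base score from the CNA (GitHub_M), vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H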
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/pnggroup/libpng/security/advis… | x_refsource_CONFIRM |
| https://github.com/pnggroup/libpng/issues/755 | x_refsource_MISC |
| https://github.com/pnggroup/libpng/pull/757 | x_refsource_MISC |
| https://github.com/pnggroup/libpng/commit/16b5e38… | x_refsource_MISC |
| https://github.com/pnggroup/libpng/commit/218612d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65018",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T19:29:28.950712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T19:29:33.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/issues/755"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6.0, \u003c 1.6.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T23:50:18.294Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
},
{
"name": "https://github.com/pnggroup/libpng/issues/755",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"name": "https://github.com/pnggroup/libpng/pull/757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"name": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"name": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
}
],
"source": {
"advisory": "GHSA-7wv6-48j4-hj3g",
"discovery": "UNKNOWN"
},
"title": "LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65018",
"datePublished": "2025-11-24T23:50:18.294Z",
"dateReserved": "2025-11-13T15:36:51.680Z",
"dateUpdated": "2025-11-25T19:29:33.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-65018",
"date": "2026-06-04",
"epss": "0.00065",
"percentile": "0.20483"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-65018\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-11-25T00:15:47.610\",\"lastModified\":\"2025-11-26T18:34:53.650\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.6.0\",\"versionEndExcluding\":\"1.6.51\",\"matchCriteriaId\":\"3545FEA5-4FFA-4955-BFDA-CC3602C9A894\"}]}]}],\"references\":[{\"url\":\"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/p
nggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pnggroup/libpng/issues/755\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/pnggroup/libpng/pull/757\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/pnggroup/libpng/issues/755\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-65018\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-25T19:29:28.950712Z\"}}}], \"references\": [{\"url\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g\", \"tags\": [\"exploit\"]}, {\"url\": \"https://github.com/pnggroup/libpng/issues/755\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-25T19:29:24.065Z\"}}], \"cna\": {\"title\": \"LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`\", \"source\": {\"advisory\": \"GHSA-7wv6-48j4-hj3g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"pnggroup\", \"product\": \"libpng\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.6.0, \u003c 1.6.51\"}]}], \"references\": [{\"url\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g\", \"name\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pnggroup/libpng/issues/755\", \"name\": \"https://github.com/pnggroup/libpng/issues/755\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/pull/757\", 
\"name\": \"https://github.com/pnggroup/libpng/pull/757\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d\", \"name\": \"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea\", \"name\": \"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787: Out-of-bounds Write\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-11-24T23:50:18.294Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-65018\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-25T19:29:33.633Z\", \"dateReserved\": \"2025-11-13T15:36:51.680Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-11-24T23:50:18.294Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2025-2663
Vulnerability from csaf_certbund - Published: 2025-11-23 23:00 - Updated: 2026-03-26 23:00
Summary
libpng: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die libpng ist die offizielle Referenzbibliothek für die Darstellung und Manipulation von Bildern im Portable Network Graphics (PNG) Format.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libpng ausnutzen, um einen Denial of Service Angriff durchzuführen und Code auszuführen.
Betroffene Betriebssysteme:
- Linux
- UNIX
- Windows
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF04
IBM / QRadar SIEM
|
<7.5.0 UP14 IF04 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker vProxy <19.13.0.3
Dell / NetWorker
|
vProxy <19.13.0.3 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Open Source GitLab <18.5.5
Open Source / GitLab
|
<18.5.5 | ||
|
Open Source GitLab <18.6.3
Open Source / GitLab
|
<18.6.3 | ||
|
Open Source libpng <1.6.51
Open Source / libpng
|
<1.6.51 | ||
|
Open Source GitLab <18.7.1
Open Source / GitLab
|
<18.7.1 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Meinberg LANTIME <V7.10.007
Meinberg / LANTIME
|
<V7.10.007 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF04
IBM / QRadar SIEM
|
<7.5.0 UP14 IF04 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker vProxy <19.13.0.3
Dell / NetWorker
|
vProxy <19.13.0.3 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Open Source GitLab <18.5.5
Open Source / GitLab
|
<18.5.5 | ||
|
Open Source GitLab <18.6.3
Open Source / GitLab
|
<18.6.3 | ||
|
Open Source libpng <1.6.51
Open Source / libpng
|
<1.6.51 | ||
|
Open Source GitLab <18.7.1
Open Source / GitLab
|
<18.7.1 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Meinberg LANTIME <V7.10.007
Meinberg / LANTIME
|
<V7.10.007 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF04
IBM / QRadar SIEM
|
<7.5.0 UP14 IF04 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker vProxy <19.13.0.3
Dell / NetWorker
|
vProxy <19.13.0.3 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Open Source GitLab <18.5.5
Open Source / GitLab
|
<18.5.5 | ||
|
Open Source GitLab <18.6.3
Open Source / GitLab
|
<18.6.3 | ||
|
Open Source libpng <1.6.51
Open Source / libpng
|
<1.6.51 | ||
|
Open Source GitLab <18.7.1
Open Source / GitLab
|
<18.7.1 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Meinberg LANTIME <V7.10.007
Meinberg / LANTIME
|
<V7.10.007 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM <7.5.0 UP14 IF04
IBM / QRadar SIEM
|
<7.5.0 UP14 IF04 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Dell NetWorker vProxy <19.13.0.3
Dell / NetWorker
|
vProxy <19.13.0.3 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Secure Connect Gateway <5.34.00.16
Dell / Secure Connect Gateway
|
<5.34.00.16 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Open Source GitLab <18.5.5
Open Source / GitLab
|
<18.5.5 | ||
|
Open Source GitLab <18.6.3
Open Source / GitLab
|
<18.6.3 | ||
|
Open Source libpng <1.6.51
Open Source / libpng
|
<1.6.51 | ||
|
Open Source GitLab <18.7.1
Open Source / GitLab
|
<18.7.1 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Meinberg LANTIME <7.10.008
Meinberg / LANTIME
|
<7.10.008 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Meinberg LANTIME <V7.10.007
Meinberg / LANTIME
|
<V7.10.007 |
References
86 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die libpng ist die offizielle Referenzbibliothek f\u00fcr die Darstellung und Manipulation von Bildern im Portable Network Graphics (PNG) Format.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in libpng ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2663 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2663.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2663 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2663"
},
{
"category": "external",
"summary": "libpng Release 1.6.51 vom 2025-11-23",
"url": "https://github.com/pnggroup/libpng/releases/tag/v1.6.51"
},
{
"category": "external",
"summary": "oss-sec mailing list archives vom 2025-11-23",
"url": "https://seclists.org/oss-sec/2025/q4/204"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-4952-h5wq-4m42 vom 2025-11-23",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-QPR4-XM66-HWW6 vom 2025-11-23",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-HFC7-PH9C-WCWW vom 2025-11-23",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-7WV6-48J4-HJ3G vom 2025-11-23",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
},
{
"category": "external",
"summary": "PoC CVE-2025-65018 vom 2025-11-23",
"url": "https://github.com/Neo-Neo6/CVE-2025-65018-Heap-buffer-overflow-in-libpng-ps4-ps5-"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202511-06 vom 2025-11-26",
"url": "https://security.gentoo.org/glsa/202511-06"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4396 vom 2025-12-07",
"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00007.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15797-1 vom 2025-12-05",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6VHJB7BZAUFZBE64B7ADJSGFVT67JY7Q/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3091 vom 2025-12-08",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3091.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2FIREFOX-2025-048 vom 2025-12-08",
"url": "https://alas.aws.amazon.com/AL2/ALAS2FIREFOX-2025-048.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6076 vom 2025-12-10",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00242.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7924-1 vom 2025-12-11",
"url": "https://ubuntu.com/security/notices/USN-7924-1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-DA6D092209 vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-da6d092209"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-DBD70402F4 vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-dbd70402f4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4383-1 vom 2025-12-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023535.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4432-1 vom 2025-12-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023583.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4436-1 vom 2025-12-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023579.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21220-1 vom 2025-12-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023591.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21217-1 vom 2025-12-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023593.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4494-1 vom 2025-12-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZIBH6F5GJDUMZIKK5ICPKWLWOR4CCVQK/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4533-1 vom 2025-12-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023661.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3113 vom 2026-01-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3113.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3112 vom 2026-01-05",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3112.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0125 vom 2026-01-06",
"url": "https://access.redhat.com/errata/RHSA-2026:0125"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0212 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0212"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:0125 vom 2026-01-07",
"url": "https://errata.build.resf.org/RLSA-2026:0125"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0216 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0216"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0211 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0211"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0241 vom 2026-01-08",
"url": "https://linux.oracle.com/errata/ELSA-2026-0241.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0234 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0234"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0238 vom 2026-01-07",
"url": "https://linux.oracle.com/errata/ELSA-2026-0238.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0241 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0241"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0237 vom 2026-01-07",
"url": "https://linux.oracle.com/errata/ELSA-2026-0237.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0125 vom 2026-01-08",
"url": "https://linux.oracle.com/errata/ELSA-2026-0125.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0237 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0237"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0251 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0251"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0210 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0210"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0238 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2026:0238"
},
{
"category": "external",
"summary": "PoC auf GitHub vom 2026-01-07",
"url": "https://github.com/dantsco/CVE-2025-64720-PoC"
},
{
"category": "external",
"summary": "GitLab Patch Release: 18.7.1, 18.6.3, 18.5.5",
"url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0322 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0322"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0323 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0323"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0321 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0321"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0313 vom 2026-01-08",
"url": "https://access.redhat.com/errata/RHSA-2026:0313"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0414 vom 2026-01-09",
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:0241 vom 2026-01-09",
"url": "https://errata.build.resf.org/RLSA-2026:0241"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:0237 vom 2026-01-09",
"url": "https://errata.build.resf.org/RLSA-2026:0237"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:0238 vom 2026-01-09",
"url": "https://errata.build.resf.org/RLSA-2026:0238"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20017-1 vom 2026-01-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2GPCRBHJC7Z4H55G47GJBQKP5HYHTLXK/"
},
{
"category": "external",
"summary": "Meinberg Security Advisory vom 2026-01-13",
"url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2026-01-lantime-firmware-v7-10-007.htm"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20073-1 vom 2026-01-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023744.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20030-1 vom 2026-01-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023774.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0927 vom 2026-01-22",
"url": "https://access.redhat.com/errata/RHSA-2026:0927"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0848 vom 2026-01-21",
"url": "https://access.redhat.com/errata/RHSA-2026:0848"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0847 vom 2026-01-21",
"url": "https://access.redhat.com/errata/RHSA-2026:0847"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0849 vom 2026-01-21",
"url": "https://access.redhat.com/errata/RHSA-2026:0849"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0950 vom 2026-01-22",
"url": "https://access.redhat.com/errata/RHSA-2026:0950"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0928 vom 2026-01-22",
"url": "https://access.redhat.com/errata/RHSA-2026:0928"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0927 vom 2026-01-22",
"url": "https://linux.oracle.com/errata/ELSA-2026-0927.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:0927 vom 2026-01-23",
"url": "https://errata.build.resf.org/RLSA-2026:0927"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:0928 vom 2026-01-23",
"url": "https://errata.build.resf.org/RLSA-2026:0928"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0251 vom 2026-01-23",
"url": "http://linux.oracle.com/errata/ELSA-2026-0251.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0928 vom 2026-01-23",
"url": "http://linux.oracle.com/errata/ELSA-2026-0928.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0899 vom 2026-01-26",
"url": "https://access.redhat.com/errata/RHSA-2026:0899"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0932 vom 2026-01-26",
"url": "https://access.redhat.com/errata/RHSA-2026:0932"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0933 vom 2026-01-26",
"url": "https://access.redhat.com/errata/RHSA-2026:0933"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0901 vom 2026-01-26",
"url": "https://access.redhat.com/errata/RHSA-2026:0901"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0895 vom 2026-01-26",
"url": "https://access.redhat.com/errata/RHSA-2026:0895"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0897 vom 2026-01-26",
"url": "https://access.redhat.com/errata/RHSA-2026:0897"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:0932 vom 2026-01-27",
"url": "https://errata.build.resf.org/RLSA-2026:0932"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0932 vom 2026-01-27",
"url": "https://linux.oracle.com/errata/ELSA-2026-0932.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7258234 vom 2026-01-28",
"url": "https://www.ibm.com/support/pages/node/7258234"
},
{
"category": "external",
"summary": "Meinberg Security Advisory MBGSA-2026.02 vom 2026-02-10",
"url": "http://news.meinberg.de/664/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4481 vom 2026-02-17",
"url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00020.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3171 vom 2026-02-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3171.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2FIREFOX-2026-051 vom 2026-02-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2FIREFOX-2026-051.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7262441 vom 2026-03-03",
"url": "https://www.ibm.com/support/pages/node/7262441"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8081-1 vom 2026-03-12",
"url": "https://ubuntu.com/security/notices/USN-8081-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0898-1 vom 2026-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024694.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-114 vom 2026-03-17",
"url": "https://www.dell.com/support/kbdoc/000436206"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-152 vom 2026-03-23",
"url": "https://www.dell.com/support/kbdoc/de-de/000443243/dsa-2026-152-dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7267699 vom 2026-03-27",
"url": "https://www.ibm.com/support/pages/node/7267699"
}
],
"source_lang": "en-US",
"title": "libpng: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-26T23:00:00.000+00:00",
"generator": {
"date": "2026-03-27T09:42:31.634+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2663",
"initial_release_date": "2025-11-23T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-23T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-24T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2025-199236, EUVD-2025-199237, EUVD-2025-199238, EUVD-2025-199239"
},
{
"date": "2025-11-25T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2025-12-07T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian und openSUSE aufgenommen"
},
{
"date": "2025-12-08T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-12-09T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Fedora und SUSE aufgenommen"
},
{
"date": "2025-12-17T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-18T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-21T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-29T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-05T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-01-06T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-07T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat und Oracle Linux und PoC aufgenommen"
},
{
"date": "2026-01-08T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-13T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-01-14T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-21T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-22T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-01-26T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-01-27T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-01-28T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-02-10T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Meinberg aufgenommen"
},
{
"date": "2026-02-17T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-02-18T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-03-03T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-03-11T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-03-15T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-16T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-03-26T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "33"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vProxy \u003c19.13.0.3",
"product": {
"name": "Dell NetWorker vProxy \u003c19.13.0.3",
"product_id": "T051763"
}
},
{
"category": "product_version",
"name": "vProxy 19.13.0.3",
"product": {
"name": "Dell NetWorker vProxy 19.13.0.3",
"product_id": "T051763-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy__19.13.0.3"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway \u003c5.34.00.16",
"product_id": "T052048"
}
},
{
"category": "product_version",
"name": "5.34.00.16",
"product": {
"name": "Dell Secure Connect Gateway 5.34.00.16",
"product_id": "T052048-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:5.34.00.16"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T019704",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP14 IF04",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP14 IF04",
"product_id": "T050392"
}
},
{
"category": "product_version",
"name": "7.5.0 UP14 IF04",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP14 IF04",
"product_id": "T050392-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up14_if04"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV7.10.007",
"product": {
"name": "Meinberg LANTIME \u003cV7.10.007",
"product_id": "T049952"
}
},
{
"category": "product_version",
"name": "V7.10.007",
"product": {
"name": "Meinberg LANTIME V7.10.007",
"product_id": "T049952-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:meinberg:lantime:v7.10.007"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.10.008",
"product": {
"name": "Meinberg LANTIME \u003c7.10.008",
"product_id": "T050722"
}
},
{
"category": "product_version",
"name": "7.10.008",
"product": {
"name": "Meinberg LANTIME 7.10.008",
"product_id": "T050722-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:meinberg:lantime:7.10.008"
}
}
}
],
"category": "product_name",
"name": "LANTIME"
}
],
"category": "vendor",
"name": "Meinberg"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c18.7.1",
"product": {
"name": "Open Source GitLab \u003c18.7.1",
"product_id": "T049757"
}
},
{
"category": "product_version",
"name": "18.7.1",
"product": {
"name": "Open Source GitLab 18.7.1",
"product_id": "T049757-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:18.7.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.6.3",
"product": {
"name": "Open Source GitLab \u003c18.6.3",
"product_id": "T049758"
}
},
{
"category": "product_version",
"name": "18.6.3",
"product": {
"name": "Open Source GitLab 18.6.3",
"product_id": "T049758-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:18.6.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c18.5.5",
"product": {
"name": "Open Source GitLab \u003c18.5.5",
"product_id": "T049759"
}
},
{
"category": "product_version",
"name": "18.5.5",
"product": {
"name": "Open Source GitLab 18.5.5",
"product_id": "T049759-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:gitlab:gitlab:18.5.5"
}
}
}
],
"category": "product_name",
"name": "GitLab"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.6.51",
"product": {
"name": "Open Source libpng \u003c1.6.51",
"product_id": "T048833"
}
},
{
"category": "product_version",
"name": "1.6.51",
"product": {
"name": "Open Source libpng 1.6.51",
"product_id": "T048833-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:libpng:libpng:1.6.51"
}
}
}
],
"category": "product_name",
"name": "libpng"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-64505",
"product_status": {
"known_affected": [
"T050392",
"67646",
"T051763",
"T012167",
"T004914",
"T032255",
"T052048",
"74185",
"T032495",
"T049759",
"T049758",
"T048833",
"T049757",
"2951",
"T002207",
"T050722",
"T000126",
"T019704",
"T027843",
"398363",
"T049952"
]
},
"release_date": "2025-11-23T23:00:00.000+00:00",
"title": "CVE-2025-64505"
},
{
"cve": "CVE-2025-64506",
"product_status": {
"known_affected": [
"T050392",
"67646",
"T051763",
"T012167",
"T004914",
"T032255",
"T052048",
"74185",
"T032495",
"T049759",
"T049758",
"T048833",
"T049757",
"2951",
"T002207",
"T050722",
"T000126",
"T019704",
"T027843",
"398363",
"T049952"
]
},
"release_date": "2025-11-23T23:00:00.000+00:00",
"title": "CVE-2025-64506"
},
{
"cve": "CVE-2025-64720",
"product_status": {
"known_affected": [
"T050392",
"67646",
"T051763",
"T012167",
"T004914",
"T032255",
"T052048",
"74185",
"T032495",
"T049759",
"T049758",
"T048833",
"T049757",
"2951",
"T002207",
"T050722",
"T000126",
"T019704",
"T027843",
"398363",
"T049952"
]
},
"release_date": "2025-11-23T23:00:00.000+00:00",
"title": "CVE-2025-64720"
},
{
"cve": "CVE-2025-65018",
"product_status": {
"known_affected": [
"T050392",
"67646",
"T051763",
"T012167",
"T004914",
"T032255",
"T052048",
"74185",
"T032495",
"T049759",
"T049758",
"T048833",
"T049757",
"2951",
"T002207",
"T050722",
"T000126",
"T019704",
"T027843",
"398363",
"T049952"
]
},
"release_date": "2025-11-23T23:00:00.000+00:00",
"title": "CVE-2025-65018"
}
]
}
WID-SEC-W-2026-0168
Vulnerability from csaf_certbund - Published: 2026-01-20 23:00 - Updated: 2026-03-26 23:00
Summary
Oracle MySQL: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: MySQL ist ein Open Source Datenbankserver von Oracle.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme:
- Linux
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— |
Last affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle MySQL <=8.4.7
Oracle / MySQL
|
<=8.4.7 | ||
|
Oracle MySQL <=9.5.0
Oracle / MySQL
|
<=9.5.0 | ||
|
Oracle MySQL <=9.4.0
Oracle / MySQL
|
<=9.4.0 | ||
|
Oracle MySQL <=7.6.36
Oracle / MySQL
|
<=7.6.36 | ||
|
Oracle MySQL <=8.0.45
Oracle / MySQL
|
<=8.0.45 |
References
17 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MySQL ist ein Open Source Datenbankserver von Oracle.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0168 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0168.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0168 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0168"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2026 - Appendix Oracle MySQL vom 2026-01-20",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7994-1 vom 2026-02-03",
"url": "https://ubuntu.com/security/notices/USN-7994-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8006-1 vom 2026-02-04",
"url": "https://ubuntu.com/security/notices/USN-8006-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4162 vom 2026-03-10",
"url": "https://access.redhat.com/errata/RHSA-2026:4162"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-4162 vom 2026-03-10",
"url": "https://linux.oracle.com/errata/ELSA-2026-4162.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:4828 vom 2026-03-18",
"url": "https://errata.build.resf.org/RLSA-2026:4828"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4828 vom 2026-03-18",
"url": "https://access.redhat.com/errata/RHSA-2026:4828"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-4828 vom 2026-03-18",
"url": "https://linux.oracle.com/errata/ELSA-2026-4828.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5580 vom 2026-03-24",
"url": "https://access.redhat.com/errata/RHSA-2026:5580"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:5580 vom 2026-03-24",
"url": "https://errata.build.resf.org/RLSA-2026:5580"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5640 vom 2026-03-24",
"url": "https://access.redhat.com/errata/RHSA-2026:5640"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:5640 vom 2026-03-24",
"url": "https://errata.build.resf.org/RLSA-2026:5640"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-5640 vom 2026-03-26",
"url": "http://linux.oracle.com/errata/ELSA-2026-5640.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-5580 vom 2026-03-27",
"url": "http://linux.oracle.com/errata/ELSA-2026-5580.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-5580 vom 2026-03-26",
"url": "https://linux.oracle.com/errata/ELSA-2026-5580.html"
}
],
"source_lang": "en-US",
"title": "Oracle MySQL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-26T23:00:00.000+00:00",
"generator": {
"date": "2026-03-27T09:43:09.813+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0168",
"initial_release_date": "2026-01-20T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-20T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-01-21T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-3544"
},
{
"date": "2026-02-02T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-02-03T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-03-09T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-10T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-17T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-03-18T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-24T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-03-25T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-26T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=9.4.0",
"product": {
"name": "Oracle MySQL \u003c=9.4.0",
"product_id": "T047929"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.4.0",
"product": {
"name": "Oracle MySQL \u003c=9.4.0",
"product_id": "T047929-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.7",
"product": {
"name": "Oracle MySQL \u003c=8.4.7",
"product_id": "T050150"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.7",
"product": {
"name": "Oracle MySQL \u003c=8.4.7",
"product_id": "T050150-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.5.0",
"product": {
"name": "Oracle MySQL \u003c=9.5.0",
"product_id": "T050151"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.5.0",
"product": {
"name": "Oracle MySQL \u003c=9.5.0",
"product_id": "T050151-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.0.45",
"product": {
"name": "Oracle MySQL \u003c=8.0.45",
"product_id": "T050153"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.0.45",
"product": {
"name": "Oracle MySQL \u003c=8.0.45",
"product_id": "T050153-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.6.36",
"product": {
"name": "Oracle MySQL \u003c=7.6.36",
"product_id": "T050154"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.6.36",
"product": {
"name": "Oracle MySQL \u003c=7.6.36",
"product_id": "T050154-fixed"
}
}
],
"category": "product_name",
"name": "MySQL"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-65018",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-6965",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-9086",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-9230",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2026-21929",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21929"
},
{
"cve": "CVE-2026-21936",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21936"
},
{
"cve": "CVE-2026-21937",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21937"
},
{
"cve": "CVE-2026-21941",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21941"
},
{
"cve": "CVE-2026-21948",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21948"
},
{
"cve": "CVE-2026-21949",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21949"
},
{
"cve": "CVE-2026-21950",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21950"
},
{
"cve": "CVE-2026-21952",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21952"
},
{
"cve": "CVE-2026-21964",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21964"
},
{
"cve": "CVE-2026-21965",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21965"
},
{
"cve": "CVE-2026-21968",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21968"
}
]
}
WID-SEC-W-2026-0347
Vulnerability from csaf_certbund - Published: 2026-02-09 23:00 - Updated: 2026-02-19 23:00
Summary
Red Hat Build of Keycloak: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Keycloak ermöglicht Single Sign-On mit Identity and Access Management für moderne Anwendungen und Dienste.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Red Hat Build of Keycloak ausnutzen, um die Authentifizierung zu umgehen, erweiterte Berechtigungen zu erlangen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuführen oder Daten zu manipulieren.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Keycloak <26.2.13
Red Hat / Enterprise Linux
|
Keycloak <26.2.13 | ||
|
Red Hat Enterprise Linux Keycloak Operator <26.2.13
Red Hat / Enterprise Linux
|
Keycloak Operator <26.2.13 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Keycloak <26.2.13
Red Hat / Enterprise Linux
|
Keycloak <26.2.13 | ||
|
Red Hat Enterprise Linux Keycloak Operator <26.2.13
Red Hat / Enterprise Linux
|
Keycloak Operator <26.2.13 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Keycloak <26.2.13
Red Hat / Enterprise Linux
|
Keycloak <26.2.13 | ||
|
Red Hat Enterprise Linux Keycloak Operator <26.2.13
Red Hat / Enterprise Linux
|
Keycloak Operator <26.2.13 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Keycloak <26.2.13
Red Hat / Enterprise Linux
|
Keycloak <26.2.13 | ||
|
Red Hat Enterprise Linux Keycloak Operator <26.2.13
Red Hat / Enterprise Linux
|
Keycloak Operator <26.2.13 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Keycloak <26.2.13
Red Hat / Enterprise Linux
|
Keycloak <26.2.13 | ||
|
Red Hat Enterprise Linux Keycloak Operator <26.2.13
Red Hat / Enterprise Linux
|
Keycloak Operator <26.2.13 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Keycloak <26.2.13
Red Hat / Enterprise Linux
|
Keycloak <26.2.13 | ||
|
Red Hat Enterprise Linux Keycloak Operator <26.2.13
Red Hat / Enterprise Linux
|
Keycloak Operator <26.2.13 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Keycloak <26.2.13
Red Hat / Enterprise Linux
|
Keycloak <26.2.13 | ||
|
Red Hat Enterprise Linux Keycloak Operator <26.2.13
Red Hat / Enterprise Linux
|
Keycloak Operator <26.2.13 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Keycloak erm\u00f6glicht Single Sign-On mit Identity and Access Management f\u00fcr moderne Anwendungen und Dienste.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Red Hat Build of Keycloak ausnutzen, um die Authentifizierung zu umgehen, erweiterte Berechtigungen zu erlangen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuf\u00fchren oder Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0347 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0347.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0347 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0347"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2363 vom 2026-02-09",
"url": "https://access.redhat.com/errata/RHSA-2026:2363"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2364 vom 2026-02-09",
"url": "https://access.redhat.com/errata/RHSA-2026:2364"
},
{
"category": "external",
"summary": "PoC CVE-2025-64720 vom 2026-02-09",
"url": "https://github.com/dantsco/CVE-2025-64720-PoC"
},
{
"category": "external",
"summary": "PoC CVE-2025-65018 vom 2026-02-09",
"url": "https://github.com/Neo-Neo6/CVE-2025-65018-Heap-buffer-overflow-in-libpng-ps4-ps5-"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0847 vom 2026-02-20",
"url": "https://linux.oracle.com/errata/ELSA-2026-0847.html"
}
],
"source_lang": "en-US",
"title": "Red Hat Build of Keycloak: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-19T23:00:00.000+00:00",
"generator": {
"date": "2026-02-20T09:20:50.610+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0347",
"initial_release_date": "2026-02-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-02-19T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Keycloak \u003c26.2.13",
"product": {
"name": "Red Hat Enterprise Linux Keycloak \u003c26.2.13",
"product_id": "T050635"
}
},
{
"category": "product_version",
"name": "Keycloak 26.2.13",
"product": {
"name": "Red Hat Enterprise Linux Keycloak 26.2.13",
"product_id": "T050635-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:keycloak__26.2.13"
}
}
},
{
"category": "product_version_range",
"name": "Keycloak Operator \u003c26.2.13",
"product": {
"name": "Red Hat Enterprise Linux Keycloak Operator \u003c26.2.13",
"product_id": "T050636"
}
},
{
"category": "product_version",
"name": "Keycloak Operator 26.2.13",
"product": {
"name": "Red Hat Enterprise Linux Keycloak Operator 26.2.13",
"product_id": "T050636-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:keycloak_operator__26.2.13"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14778",
"product_status": {
"known_affected": [
"T050635",
"T050636",
"T004914"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-14778"
},
{
"cve": "CVE-2026-1529",
"product_status": {
"known_affected": [
"T050635",
"T050636",
"T004914"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2026-1529"
},
{
"cve": "CVE-2025-64720",
"product_status": {
"known_affected": [
"T050635",
"T050636",
"T004914"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-64720"
},
{
"cve": "CVE-2025-65018",
"product_status": {
"known_affected": [
"T050635",
"T050636",
"T004914"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2026-21925",
"product_status": {
"known_affected": [
"T050635",
"T050636",
"T004914"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2026-21925"
},
{
"cve": "CVE-2026-21933",
"product_status": {
"known_affected": [
"T050635",
"T050636",
"T004914"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2026-21933"
},
{
"cve": "CVE-2026-21945",
"product_status": {
"known_affected": [
"T050635",
"T050636",
"T004914"
]
},
"release_date": "2026-02-09T23:00:00.000+00:00",
"title": "CVE-2026-21945"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.