Msrc Azl3 Syslinux 6.04-11 On Azure Linux 3.0 vulnerabilities

CVE-2025-66293 [HIGH] CWE-125 LIBPNG has an out-of-bounds read in png_image_read_composite LIBPNG has an out-of-bounds read in png_image_read_composite Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-64505 [MEDIUM] CWE-125 LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index Mariner: Mariner GitHub_M: GitHub_M Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2022-37434 [CRITICAL] CWE-787 zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. S zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but

CVE-2017-12652 [CRITICAL] CWE-20 libpng before 1.6.32 does not properly check the length of chunks against the user limit. libpng before 1.6.32 does not properly check the length of chunks against the user limit. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most re

CVE-2015-2158 [HIGH] Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our cus

CVE-2016-10087 [HIGH] The libpng 0.71 allows context-dependent attackers to cause a NULL pointer dereference vectors The libpng 0.71 allows context-dependent attackers to cause a NULL pointer dereference vectors FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most rec

CVE-2015-8472 [HIGH] Buffer overflow in libpng allows remote attackers to cause a denial of service Buffer overflow in libpng allows remote attackers to cause a denial of service FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of t