Msrc Cbl2 Syslinux 6.04-10 On Cbl Mariner 2.0 vulnerabilities
3 known vulnerabilities affecting msrc/cbl2_syslinux_6.04-10_on_cbl_mariner_2.0.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2025-66293 | HIGH | CVSS 7.1 | 2025-12-09
CVE-2025-66293 [HIGH] CWE-125 LIBPNG has an out-of-bounds read in png_image_read_composite
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2025-64505 | MEDIUM | CVSS 6.1 | 2025-11-11
CVE-2025-64505 [MEDIUM] CWE-125 LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2015-2158 | HIGH | CVSS 7.8 | 2017-10-10
CVE-2015-2158 [HIGH] Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our cus
msrc