Beyond security

Language

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

CVE-2026-22801

Medium

Low Medium High Critical

6.8

CVSS Score

Published: Jan 12, 2026

Last Modified: Jan 13, 2026

Vulnerability Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Attack Vector

L

Attack Complexity

L

Privileges Required

N

User Interaction

N

Scope

U

Confidentiality

L

Integrity

N

Availability

H

Available Security Patches

1 patch available from vendors

View All Patches

Canonical (Ubuntu)

USN-7963-1

USN-7963-1: libpng vulnerabilities

Severity

Unknown

Released

Jan 14, 2026

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8
security-advisories@github.com

Severity Details

6.8

out of 10.0

Medium

Key Information

Published Date: January 12, 2026

External Resources

NIST

National Vulnerability Database

Detailed vulnerability info

Official CVE record