Libpng · Libpng · CVE-2026-22801
**Name of the Vulnerable Software and Affected Versions**
libpng versions 1.6.26 through 1.6.53
**Description**
libpng is a library used by applications to read, create, and manipulate PNG image files. A flaw exists in the `png write image 16bit` and `png write image 8bit` functions due to an integer truncation. This can lead to a heap buffer over-read when a negative row stride or a stride exceeding 65535 bytes is provided by the calling application. The issue was introduced in version 1.6.26 and was addressed in version 1.6.54.
**Recommendations**
versions prior to 1.6.54