PT-2026-2325 · Libpng+4

Cosmin Truta · Published 2026-01-12 · Updated 2026-05-21 · CVE-2026-22801

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

libpng versions 1.6.26 through 1.6.53

Description

libpng is a library used by applications to read, create, and manipulate PNG image files. A flaw exists in the png_write_image_16bit and png_write_image_8bit functions due to an integer truncation. This can lead to a heap buffer over-read when a negative row stride or a stride exceeding 65535 bytes is provided by the calling application. The issue was introduced in version 1.6.26 and was addressed in version 1.6.54.

Recommendations

versions prior to 1.6.54
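A caller-side guard for applications that may still link an affected libpng, added here as an illustration and not taken from libpng or from this advisory. It assumes the truncation behaves like a cast to an unsigned 16-bit integer, as the 65535-byte threshold suggests; `truncated_step`, `stride_survives_truncation` and `safe_to_write` are hypothetical helper names, and the version number is the value libpng reports through `PNG_LIBPNG_VER` or `png_access_version_number()`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* libpng encodes version x.y.z as x*10000 + y*100 + z. */
#define FIRST_AFFECTED 10626UL /* 1.6.26, per the advisory */
#define FIRST_FIXED    10654UL /* 1.6.54, per the advisory */

/* True when the linked libpng falls inside the affected range. */
static bool libpng_version_affected(unsigned long ver)
{
    return ver >= FIRST_AFFECTED && ver < FIRST_FIXED;
}

/* Assumption: the truncation is modelled as a cast to unsigned 16 bits.
 * Returns the per-row pointer step that would actually be applied. */
static ptrdiff_t truncated_step(ptrdiff_t row_bytes)
{
    return (ptrdiff_t)(uint16_t)row_bytes;
}

/* A stride is unchanged by the truncation only if it lies in 0..65535. */
static bool stride_survives_truncation(ptrdiff_t row_bytes)
{
    return truncated_step(row_bytes) == row_bytes;
}

/* Hypothetical guard: refuse the write when an affected library would
 * step through the image buffer with a different stride than requested. */
static bool safe_to_write(unsigned long ver, ptrdiff_t row_bytes)
{
    return !libpng_version_affected(ver) ||
           stride_survives_truncation(row_bytes);
}

int main(void)
{
    /* Constructed sample strides: top-down, bottom-up, and oversized. */
    const ptrdiff_t samples[] = { 4096, -4096, 70000 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("stride %td -> step %td, safe on 1.6.53: %d\n",
               samples[i], truncated_step(samples[i]),
               safe_to_write(10653UL, samples[i]));
    return 0;
}
```

The guard is a stopgap for builds that cannot yet move to 1.6.54; it rejects bottom-up (negative stride) writes and rows wider than 65535 bytes on affected versions only.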

Exploit

Fix

DoS

Out of bounds Read

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2026:3405
ALSA-2026:3551
ALSA-2026:4306
ALSA-2026:4728
AZL-74264
AZL-74283
AZL-74499
AZL-74502
AZL-74505
AZL-74508
BDU:2026-04960
CLEANSTART-2026-AF52025
CLEANSTART-2026-AG21538
CLEANSTART-2026-AX74442
CLEANSTART-2026-CH17958
CLEANSTART-2026-CO09549
CLEANSTART-2026-CP08056
CLEANSTART-2026-DJ93523
CLEANSTART-2026-DK70097
CLEANSTART-2026-DP59378
CLEANSTART-2026-EO57061
CLEANSTART-2026-GN22652
CLEANSTART-2026-HH39661
CLEANSTART-2026-HJ96712
CLEANSTART-2026-HL08143
CLEANSTART-2026-HM96194
CLEANSTART-2026-IB04141
CLEANSTART-2026-IJ23041
CLEANSTART-2026-IN87004
CLEANSTART-2026-IO64153
CLEANSTART-2026-JH41080
CLEANSTART-2026-JL41223
CLEANSTART-2026-JP09281
CLEANSTART-2026-KF75900
CLEANSTART-2026-KH40159
CLEANSTART-2026-KJ79497
CLEANSTART-2026-KX82113
CLEANSTART-2026-LB69194
CLEANSTART-2026-LF33811
CLEANSTART-2026-NJ24264
CLEANSTART-2026-NN56899
CLEANSTART-2026-OV74385
CLEANSTART-2026-PD43534
CLEANSTART-2026-PH91954
CLEANSTART-2026-PO55014
CLEANSTART-2026-QM31011
CLEANSTART-2026-QP67751
CLEANSTART-2026-RO34407
CLEANSTART-2026-RO70091
CLEANSTART-2026-SZ14466
CLEANSTART-2026-TB28500
CLEANSTART-2026-TL29125
CLEANSTART-2026-UB19292
CLEANSTART-2026-UN47141
CLEANSTART-2026-UV97144
CLEANSTART-2026-UZ82654
CVE-2026-22801
ECHO-CE32-3079-D836
GHSA-VGJQ-8CW5-GGW8
MGASA-2026-0010
OESA-2026-1205
OPENSUSE-SU-2026:10060-1
OPENSUSE-SU-2026:20083-1
RHSA-2026:3405
RHSA-2026:3551
RHSA-2026:3573
RHSA-2026:3574
RHSA-2026:3575
RHSA-2026:3576
RHSA-2026:3577
RHSA-2026:4306
RHSA-2026:4728
RHSA-2026:4729
RHSA-2026:4730
RHSA-2026:4731
RHSA-2026:4732
RHSA-2026:6732
RHSA-2026:9254
SUSE-SU-2026:0234-1
SUSE-SU-2026:0596-1
SUSE-SU-2026:20127-1
SUSE-SU-2026:20155-1
SUSE-SU-2026:20523-1
SUSE-SU-2026:20530-1
USN-7963-1
USN-8035-1

Affected Products

Libpng
Linuxmint
Red Os
Rocky Linux
Ubuntu