CVE-2026-22801: Out-of-bounds Read in Libpng

Severity
NVD: 7.8 HIGH
CNA: 6.8
OSV: 7.1
EPSS: 0.0% (top 95.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 12, 2026
Latest update: Feb 12, 2026

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes a heap buffer over-read when the caller provides a negative row stride (used for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to
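The following is an added illustration, not libpng's own code: a small C model of what a stride that does not survive a 16-bit narrowing does to a row walk, a caller-side guard for the affected range (1.6.26 through 1.6.53), and a workaround that converts a bottom-up buffer into a top-down copy so the write can be issued with a positive stride. The description above does not show the exact cast, so the 16-bit narrowing here is an assumption chosen to match the two conditions it does state (negative stride, or stride greater than 65535). The sample image geometry (3 rows of 12 bytes) is constructed for the example; the public simplified write functions (png_image_write_to_file and friends) take the stride as a signed 32-bit png_int_32, which is why the model starts from an int32_t.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Assumption (not shown on the page): the per-row step is narrowed to an
 * unsigned 16-bit value somewhere inside the affected write path. For
 * 0..65535 the value round-trips; negative strides and strides above 65535
 * do not, which is exactly the pair of conditions in the advisory text.
 */
static int64_t narrowed_step(int32_t row_stride)
{
    return (int64_t)(uint16_t)row_stride;
}

/* Caller-side guard for an affected libpng: only pass strides that
   survive the narrowing unchanged. */
static int stride_is_safe(int32_t row_stride)
{
    return narrowed_step(row_stride) == (int64_t)row_stride;
}

/* Walk `height` rows starting at byte offset `start`, stepping `step`
   bytes per row, and report whether every row lies inside a buffer of
   `buf_len` bytes. This is the check the writer effectively relies on
   the stride being correct for. */
static int walk_in_bounds(size_t buf_len, size_t start, int64_t step,
                          int height, size_t row_bytes)
{
    for (int r = 0; r < height; r++) {
        int64_t off = (int64_t)start + (int64_t)r * step;
        if (off < 0 || (uint64_t)off + row_bytes > (uint64_t)buf_len)
            return 0; /* this row would be read outside the buffer */
    }
    return 1;
}

/* Workaround for affected versions: copy a bottom-up image into top-down
   order so the write can use a positive stride. `src_top_row` points at
   image row 0, which in a bottom-up layout is the LAST row in memory. */
static void flip_bottom_up(uint8_t *dst, const uint8_t *src_top_row,
                           int height, size_t row_bytes)
{
    for (int r = 0; r < height; r++)
        memcpy(dst + (size_t)r * row_bytes,
               src_top_row - (size_t)r * row_bytes, row_bytes);
}

/* Constructed sample: 3 rows of 12 bytes, memory row k filled with k.
   Bottom-up layout means image row 0 is memory row 2 (offset 24) and the
   stride is -12. Returns 1 if the flipped copy has the rows in
   top-down order (dst row r == memory row height-1-r). */
static int flip_demo(void)
{
    enum { HEIGHT = 3, ROW_BYTES = 12 };
    uint8_t buf[HEIGHT * ROW_BYTES], out[HEIGHT * ROW_BYTES];
    for (int k = 0; k < HEIGHT; k++)
        memset(buf + k * ROW_BYTES, k, ROW_BYTES);

    flip_bottom_up(out, buf + (HEIGHT - 1) * ROW_BYTES, HEIGHT, ROW_BYTES);

    for (int r = 0; r < HEIGHT; r++)
        for (int i = 0; i < ROW_BYTES; i++)
            if (out[r * ROW_BYTES + i] != (uint8_t)(HEIGHT - 1 - r))
                return 0;
    return 1;
}

int main(void)
{
    /* Same 3 x 12-byte buffer; image row 0 lives at offset 24, stride -12. */
    size_t buf_len = 36, start = 24, row_bytes = 12;
    int32_t stride = -12;

    printf("stride %d: safe=%d, narrowed to %lld\n", stride,
           stride_is_safe(stride), (long long)narrowed_step(stride));
    printf("correct walk in bounds: %d\n",
           walk_in_bounds(buf_len, start, stride, 3, row_bytes));
    printf("narrowed walk in bounds: %d\n",
           walk_in_bounds(buf_len, start, narrowed_step(stride), 3, row_bytes));
    printf("stride 70000: safe=%d, narrowed to %lld\n",
           stride_is_safe(70000), (long long)narrowed_step(70000));
    printf("flip workaround ok: %d\n", flip_demo());
    return 0;
}
```

With stride -12 the narrowed step becomes 65524, so the second row lands far past the end of the 36-byte buffer; a stride of 70000 narrows to 4464, which no longer addresses the rows the caller laid out. On an affected build, reject any stride for which stride_is_safe is false, and for bottom-up images hand the library a flipped top-down copy with a positive stride rather than a negative one.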

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: libpng/libpng, affected from 1.6.26, fixed in 1.6.54
CVEListV5: pnggroup/libpng, affected versions < 1.6.54

🔴 Vulnerability Details (4)

OSV: libpng1.6 vulnerabilities (2026-02-12)
OSV: libpng1.6 vulnerabilities (2026-01-14)
CVEList: LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_* (2026-01-12)
OSV: CVE-2026-22801: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files (2026-01-12)

📋 Vendor Advisories (4)

Ubuntu: libpng vulnerabilities (2026-02-12)
Ubuntu: libpng vulnerabilities (2026-01-14)
Red Hat: libpng: Information disclosure and denial of service via integer truncation in simplified write API (2026-01-12)
Debian: CVE-2026-22801: libpng1.6 - LIBPNG is a reference library for use in applications that read, create, and man... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-22801 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (1)

Bugzilla: CVE-2026-22801 libpng: Information disclosure and denial of service via integer truncation in simplified write API (2026-01-13)