CVE-2026-22695

Name
CVE-2026-22695
Description
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea
MISC https://github.com/pnggroup/libpng/commit/e4f7ad4ea2
MISC https://github.com/pnggroup/libpng/issues/778
CONFIRM https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp

Match rules

CPE URI Source package Min version Max version
libpng >= 0 < 1.6.54
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:* libpng >= 1.6.51 < 1.6.54

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libpng edge-main 1.6.54-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libpng edge-main 1.6.53-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng edge-main 1.6.51-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng edge-main 1.6.51-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng edge-main 1.6.49-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng edge-main 1.6.47-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng edge-main 1.6.46-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng edge-main 1.6.45-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng edge-main 1.6.44-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng edge-main 1.6.37-r0 None possibly vulnerable
libpng 3.23-main 1.6.54-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libpng 3.23-main 1.6.53-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng 3.22-main 1.6.54-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libpng 3.22-main 1.6.53-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng 3.22-main 1.6.51-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng 3.22-main 1.6.47-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng 3.22-main 1.6.37-r0 None possibly vulnerable
libpng 3.21-main 1.6.54-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libpng 3.21-main 1.6.53-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng 3.21-main 1.6.47-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng 3.21-main 1.6.44-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng 3.21-main 1.6.37-r0 None possibly vulnerable
libpng 3.20-main 1.6.54-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
libpng 3.20-main 1.6.53-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng 3.20-main 1.6.44-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng 3.20-main 1.6.37-r0 None possibly vulnerable
libpng 3.19-main 1.6.44-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng 3.19-main 1.6.37-r0 None possibly vulnerable