Bug 2428824 (CVE-2026-22801) - CVE-2026-22801 libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API
Summary: CVE-2026-22801 libpng: libpng: Information disclosure and denial of service v...
Keywords:
Status: NEW
Alias: CVE-2026-22801
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2026-01-13 00:10 UTC by OSIDB Bzimport
Modified: 2026-01-13 09:59 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-01-13 00:10:31 UTC
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes a heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
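The following is an added illustration of the truncation class described above; it is not libpng's code and not taken from the fix. It models a row-advance loop in which a signed 32-bit row stride is cast to a 16-bit unsigned value before being added to the input pointer, and compares the resulting row offsets with the correct signed arithmetic. All function names, the buffer layout and the sample strides are constructed for the example; the only fact taken from the page is that a negative stride or a stride above 65535 bytes no longer survives the cast unchanged.

```c
/* Model of a 16-bit stride truncation in a row-advance loop (hypothetical,
 * not libpng's implementation).  The affected libpng versions, per the
 * advisory, applied such a cast to the caller-supplied row stride. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte offset of row 'row' from the first row when the stride is applied
 * through a (uint16_t) cast on every step: the sign bit and any bits above
 * bit 15 are discarded before the addition. */
static ptrdiff_t truncated_row_offset(int32_t row_stride, unsigned row)
{
    ptrdiff_t off = 0;
    for (unsigned i = 0; i < row; i++)
        off += (uint16_t)row_stride;   /* -4 becomes 65532, 70000 becomes 4464 */
    return off;
}

/* The same offset with the stride applied at full signed width. */
static ptrdiff_t correct_row_offset(int32_t row_stride, unsigned row)
{
    return (ptrdiff_t)row_stride * (ptrdiff_t)row;
}

/* Returns 1 if every row read by the truncating loop stays inside a buffer
 * of buf_len bytes whose row 0 begins at byte first_row_off, 0 if any row
 * start (or its row_bytes extent) escapes the buffer.  A bottom-up layout
 * passes first_row_off = (height-1)*row_bytes and a negative stride. */
static int rows_in_bounds(int32_t row_stride, unsigned height, size_t row_bytes,
                          size_t first_row_off, size_t buf_len)
{
    for (unsigned r = 0; r < height; r++) {
        ptrdiff_t start = (ptrdiff_t)first_row_off + truncated_row_offset(row_stride, r);
        if (start < 0 || (size_t)start + row_bytes > buf_len)
            return 0;
    }
    return 1;
}

/* Caller-side guard for builds that cannot yet move to a fixed release:
 * a stride passes through a 16-bit truncation unchanged only when it is
 * non-negative and at most 65535.  Anything else must be rejected or the
 * image re-laid out top-down before calling the simplified write API. */
static int stride_survives_truncation(int32_t row_stride)
{
    return row_stride >= 0 && row_stride <= 0xFFFF;
}

int main(void)
{
    /* Constructed sample: a 2-row, 4-bytes-per-row image in an 8-byte
     * buffer, first supplied top-down, then bottom-up. */
    const size_t row_bytes = 4, height = 2, buf_len = 8;

    printf("top-down  stride +4: in bounds = %d\n",
           rows_in_bounds(4, height, row_bytes, 0, buf_len));
    printf("bottom-up stride -4: in bounds = %d (row 1 offset %td, should be %td)\n",
           rows_in_bounds(-4, height, row_bytes, row_bytes, buf_len),
           truncated_row_offset(-4, 1), correct_row_offset(-4, 1));
    printf("stride 70000: truncated step %td, correct step %td\n",
           truncated_row_offset(70000, 1), correct_row_offset(70000, 1));
    printf("guard: -4 -> %d, 70000 -> %d, 4 -> %d\n",
           stride_survives_truncation(-4), stride_survives_truncation(70000),
           stride_survives_truncation(4));
    return 0;
}
```

The model never dereferences anything; it only reports where a truncating loop would read, which is enough to show that a negative stride turns a one-row step backwards into a jump of almost 64 KiB forwards and that a stride above 65535 silently wraps. Applications that cannot upgrade to 1.6.54 can apply the guard before handing a stride to the simplified write API; the proper fix is the upgrade.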

