cve 2026 22801
About this tag
CVE-2026-22801 is a vulnerability in the libpng library affecting versions 1.6.26 through 1.6.53. The flaw involves an integer truncation in libpng's simplified write APIs, specifically in png_write_image_16bit() and png_write_image_8bit(), which can cause a heap buffer over-read when processing malformed stride values. This can lead to denial-of-service or information disclosure. The issue was fixed in libpng 1.6.54. Users and administrators should update to the patched version or apply vendor-supplied updates to mitigate the risk. Discussions on WindowsForum cover the technical details, affected versions, and remediation steps for this CVE.
A recently disclosed flaw in the libpng library — tracked as CVE-2026-22801 — creates an integer truncation in libpng's simplified write APIs that can lead to a heap buffer over‑read and consequent denial‑of‑service or information disclosure when applications call png_write_image_16bit() or...