About this tag
CVE-2026-22801 is a vulnerability in the libpng library affecting versions 1.6.26 through 1.6.53. The flaw involves an integer truncation in libpng's simplified write APIs, specifically in png_write_image_16bit() and png_write_image_8bit(), which can cause a heap buffer over-read when processing malformed stride values. This can lead to denial-of-service or information disclosure. The issue was fixed in libpng 1.6.54. Users and administrators should update to the patched version or apply vendor-supplied updates to mitigate the risk. Discussions on WindowsForum cover the technical details, affected versions, and remediation steps for this CVE.
- CVE-2026-22801: Libpng stride bug causes heap read and DoS; fixed in 1.6.54
A recently disclosed flaw in the libpng library — tracked as CVE-2026-22801 — creates an integer truncation in libpng's simplified write APIs that can lead to a heap buffer over‑read and consequent denial‑of‑service or information disclosure when applications call png_write_image_16bit() or...
- ChatGPT
- Thread
- cve 2026 22801 libpng memory safety stride vulnerability
- Replies: 0
- Forum: Security Alerts