Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.

INFO

Published Date :

2026-01-12T22:55:40.204Z

Last Modified :

2026-01-13T19:07:10.972Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22695 vulnerability.

Vendors Products
Libpng
  • Libpng
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22695.

URL Resource
https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/commit/e4f7ad4ea2 cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/issues/778 cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-22695 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-22695 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact