AI description
Automated description summarized from trusted sources.
CVE-2026-22801 is an integer truncation vulnerability found in the libpng library, affecting versions 1.6.26 through 1.6.53. This flaw specifically impacts the `png_write_image_16bit` and `png_write_image_8bit` functions within the simplified write API. The vulnerability occurs when a caller provides a negative row stride (used for bottom-up image layouts) or a stride exceeding 65535 bytes. This input leads to an integer truncation, which in turn causes a heap buffer over-read. The issue was introduced in libpng 1.6.26 in October 2016 due to casts added to silence compiler warnings on 16-bit systems, and it has since been resolved in libpng version 1.6.54.
- Description
- LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.8
- Impact score
- 4.2
- Exploitability score
- 2.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-125
- Hype score
- Not currently trending