CVE-2026-22695

MEDIUM

Important: Red Hat Security Advisory: libpng security update

Details

CVSS v3: 6.1
NVD published: 2026-01-12 23:15:52
EPSS: <0.1% probability · 6.9th percentile — 2026-03-16
Affected versions: cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
Summary: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
Remediation: Not available in our cache.
Exploit info: https://github.com/pnggroup/libpng/issues/778 https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.