Debian LTS DLA-4481-1 libpng Critical Denial of Service and Info Disclosure

Distribution: Debian LTS
Date: February 17, 2026
Multiple vulnerabilities found in libpng may lead to information leakage and denial of service. Immediate update recommended.
Multiple vulnerabilities have been found in libpng, the official PNG reference library, allowing information disclosure via out-of-bounds read and denial of service via infinite loop.

Summary

CVE-2026-22695

There is a heap buffer over-read in the libpng simplified API function
png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit
output format and non-minimal row stride. This is a regression
introduced by the fix for CVE-2025-65018.

CVE-2026-22801

An integer truncation in the libpng simplified write API functions
png_write_image_16bit and png_write_image_8bit causes a heap buffer
over-read when the caller provides a negative row stride (for bottom-up
image layouts) or a stride exceeding 65535 bytes. The bug was introduced
in libpng 1.6.26 (October 2016) by casts added to silence compiler
warnings on 16-bit systems.

CVE-2026-25646

An out-of-bounds read vulnerability exists in the png_set_quantize() API
function. When the function is called with no histogram and the number
of colors in the palette is more than twice the maximum supported by the
user's display, certain palettes will cause the function to enter into

Severity: Critical

Package: libpng1.6
Version: 1.6.37-3+deb11u2
CVE ID: CVE-2026-22695 CVE-2026-22801 CVE-2026-25646
Debian Bug: 1125443 1125444 1127566
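To check exported package inventories against the fixed version above, here is an added example that is not part of the advisory: it re-implements dpkg's version ordering in Python so that `dpkg-query` output collected from many hosts can be compared offline. The binary package names (libpng16-16, libpng-dev, libpng-tools) are an assumption about what the libpng1.6 source package builds on Debian 11.

```python
# Added example (not the advisory's code): dpkg-style version ordering for DLA-4481-1.
FIXED_VERSION = "1.6.37-3+deb11u2"
# Assumption: binary packages built from source package libpng1.6 on Debian 11.
AFFECTED_BINARIES = {"libpng16-16", "libpng-dev", "libpng-tools"}

def _order(c):  # sort weight of one character, as in dpkg's verrevcmp()
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return -1 if c == "~" else ord(c) + 256  # '~' sorts before everything

def _verrevcmp(a, b):  # compare two fragments: <0 if a < b, 0 if equal, >0 if a > b
    while a or b:
        first_diff = 0
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ac = _order(a[0]) if a else 0  # end of string weighs 0: "1.0" < "1.0a"
            bc = _order(b[0]) if b else 0
            if ac != bc:
                return ac - bc
            a, b = a[1:], b[1:]
        a, b = a.lstrip("0"), b.lstrip("0")  # numeric runs ignore leading zeros
        while a and a[0].isdigit() and b and b[0].isdigit():
            first_diff = first_diff or (a[0] > b[0]) - (a[0] < b[0])
            a, b = a[1:], b[1:]
        if a and a[0].isdigit():
            return 1  # a's numeric run is longer, hence larger
        if b and b[0].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0

def compare_versions(v1, v2):  # epoch, then upstream version, then Debian revision
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 > e2) - (e1 < e2) or _verrevcmp(u1, u2) or _verrevcmp(r1, r2)

def needs_update(installed, fixed=FIXED_VERSION):
    return compare_versions(installed, fixed) < 0

def scan_dpkg_output(text):
    """Parse `dpkg-query -W -f='${Package} ${Version}\\n'` lines; list affected packages below the fix."""
    rows = [line.split() for line in text.splitlines()]
    return [f"{p} {v}" for p, v in [r for r in rows if len(r) == 2]
            if p in AFFECTED_BINARIES and needs_update(v)]

SAMPLE = "libpng16-16 1.6.37-3+deb11u1\nlibpng-dev 1.6.37-3+deb11u2\nfoo 1.0-1\n"  # constructed
```

On a live host `dpkg --compare-versions` gives the same verdict; the Python comparison is for inventories that have already been exported.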
