AZL-74283

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74283.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-74283

Upstream

CVE-2026-22801

Published

2026-01-12T23:15:52Z

Modified

2026-04-01T05:22:22.730319Z

Summary

CVE-2026-22801 affecting package libpng for versions less than 1.6.54-1

Details

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-22801

Affected packages

Azure Linux:2 / libpng

Package

Name: libpng
Purl: pkg:rpm/azure-linux/libpng

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.54-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74283.json"