AZL-74508

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74508.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-74508

Upstream

CVE-2026-22801

Published

2026-01-12T23:15:52Z

Modified

2026-04-01T05:22:23.332211Z

Summary

CVE-2026-22801 affecting package optipng 0.7.8-5

Details

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-22801

Affected packages

Azure Linux:3 / optipng

Package

Name: optipng
Purl: pkg:rpm/azure-linux/optipng

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

0.7.8-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74508.json"