CVE-2026-22695
- Source
- https://cve.org/CVERecord?id=CVE-2026-22695
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-22695.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-22695
- Aliases
-
- GHSA-mmq5-27w3-rxpp
- Downstream
- Related
- Published
- 2026-01-12T22:55:40.204Z
- Modified
- 2026-05-31T03:35:30.561886Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H CVSS Calculator
- Summary
- LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix)
- Details
-
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function pngimagefinish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-125" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22695.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22695.json
- https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp
- https://nvd.nist.gov/vuln/detail/CVE-2026-22695
- https://github.com/pnggroup/libpng/issues/778
- https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea
- https://github.com/pnggroup/libpng/commit/e4f7ad4ea2
Affected packages
Git / github.com/pnggroup/libpng
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pnggroup/libpng/commit/02f2b4f4699f0ef9111a6534f093b53732df4452",
"target": {
"file": "png.c"
},
"id": "CVE-2026-22695-010f10be",
"digest": {
"line_hashes": [
"327333362595809855009709216293242458091",
"279773453140246214690474345717570130546",
"115820707951216701988175577087939699096",
"311171675743028020374147954611376107950",
"167668607726485798520722745583647935882",
"334738595734899256725134661017463305676"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Function",
"signature_version": "v1",
"source": "https://github.com/pnggroup/libpng/commit/02f2b4f4699f0ef9111a6534f093b53732df4452",
"target": {
"file": "png.c",
"function": "png_get_copyright"
},
"id": "CVE-2026-22695-13e3a59d",
"digest": {
"function_hash": "154053324026357579622821123918096375308",
"length": 481.0
},
"deprecated": false
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pnggroup/libpng/commit/02f2b4f4699f0ef9111a6534f093b53732df4452",
"target": {
"file": "png.h"
},
"id": "CVE-2026-22695-3d373722",
"digest": {
"line_hashes": [
"166375070723291529406421301066248769034",
"275647010778297936193963675511576832388",
"256826767335212246520616614652191899280",
"279336807821086835335477021495116274772",
"21410732896831932727182998172814220178",
"106550426482539417114549859700126206902",
"247197528077876204962072745179511874496",
"327509478853766906744281300346084898016"
],
"threshold": 0.9
},
"deprecated": false
},
{
"signature_type": "Line",
"signature_version": "v1",
"source": "https://github.com/pnggroup/libpng/commit/02f2b4f4699f0ef9111a6534f093b53732df4452",
"target": {
"file": "pngtest.c"
},
"id": "CVE-2026-22695-5469271d",
"digest": {
"line_hashes": [
"61817495566730883906655567599472824457",
"275257476952071577898258900499903171964",
"91397839701035180686538087820368727519",
"158625912433874676602721644606842363619"
],
"threshold": 0.9
},
"deprecated": false
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-22695.json"
vanir_signatures_modified
"2026-05-31T03:35:30Z"