Home > Vulnerability Database > CVE-2026-22801

Mend.io Vulnerability Database

CVE-2026-22801

Good to know:

Date: January 12, 2026

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.

Severity Score

6.8

Related Resources (3)

Url: https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-22801

Url: https://www.mend.io/vulnerability-database/CVE-2026-22801

Severity Score

6.8

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-22801

Good to know:

Date: January 12, 2026

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?