SUSE-SU-2026:20155-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2026-22695: Fixed heap buffer over-read in pngimagefinishread bsc1256525. - CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in pngimagewrite bsc1256526...

Mageia: Security Advisory (MGASA-2026-0010)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2026-0010 Updated libpng packages fix security vulnerabilities

LIBPNG has a heap buffer over-read in pngimagereaddirectscaled regression from CVE-2025-65018 fix. CVE-2026-22695 LIBPNG has an integer truncation causing heap buffer over-read in pngimagewrite. CVE-2026-22801...

Updated libpng packages fix security vulnerabilities

LIBPNG has a heap buffer over-read in pngimagereaddirectscaled regression from CVE-2025-65018 fix. CVE-2026-22695 LIBPNG has an integer truncation causing heap buffer over-read in pngimagewrite. CVE-2026-22801...

[slackware-security] libpng

New libpng packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libpng-1.6.54-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Heap buffer over-read in the libpng simplified API...

LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*

...

MiracleLinux 8 : sqlite-3.26.0-20.el8_10 (AXSA:2025-10668:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10668:02 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 8 : nodejs:22 (AXSA:2025-10653:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10653:01 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 9 : sqlite-3.34.1-8.el9_6 (AXSA:2025-10658:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10658:01 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 9 : nodejs:22 (AXSA:2025-10673:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10673:01 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 9 : sqlite-3.34.1-9.el9_7 (AXSA:2025-11450:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11450:04 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 8 : mingw-sqlite-3.26.0.0-2.el8_10 (AXSA:2025-10765:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10765:01 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

AZL-74283 CVE-2026-22801 affecting package libpng for versions less than 1.6.54-1

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit causes heap buffer...

AZL-74499 CVE-2026-22801 affecting package gdal 3.6.3-5

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit causes heap buffer...

CVE-2026-22801

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit causes heap buffer...

CVE-2026-22801 LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit causes heap buffer...

CVE-2026-22801 LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit causes heap buffer...

CVE-2026-22801

From the connected documents: LIBPNG versions 1.6.26–1.6.53 contain an integer truncation in the simplified write API (png_write_image_16bit and png_write_image_8bit) that can cause a heap over-read when the caller provides a negative row stride (bottom-up layouts) or a stride > 65535 bytes. T...

libpng 输入验证错误漏洞

libpng is The PNG Development Group open source a PNG graphics file can be realized on the creation of PNG, read and write operations such as PNG reference library . An input validation error vulnerability exists in libpng versions 1.6.26 through 1.6.53, which stems from an integer truncation in...

CVE-2022-42324

Oxenstored 32-31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most...