4 matches found
CLSA-2026-1777311274 Fix CVE(s): CVE-2026-22801, CVE-2026-25646
SECURITY UPDATE: Heap buffer over-read in pngwriteimage due to truncation of ptrdifft row stride to pnguint16 - debian/patches/CVE-2026-22801.patch: remove incorrect truncation casts from pngwriteimage16bit, pngwriteimage8bit, and pngimagewritemain so large 65535 and negative row strides are...
libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API
A flaw was found in libpng, a reference library for PNG Portable Network Graphics raster image files. An integer truncation vulnerability exists in the pngwriteimage16bit and pngwriteimage8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the pngwriteimage16bit or pngwriteimage8bit functions when a negative row stride or a stride exceeding 65535 bytes is provided. An attacker can cause a heap buffer over-read by supplying specially crafted input to...
AZL-74502 CVE-2026-22801 affecting package fltk 1.3.8-1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit causes heap buffer...