Lucene search
K

4 matches found

OSV
OSV
added 2026/04/27 5:34 p.m.9 views

CLSA-2026-1777311274 Fix CVE(s): CVE-2026-22801, CVE-2026-25646

SECURITY UPDATE: Heap buffer over-read in pngwriteimage due to truncation of ptrdifft row stride to pnguint16 - debian/patches/CVE-2026-22801.patch: remove incorrect truncation casts from pngwriteimage16bit, pngwriteimage8bit, and pngimagewritemain so large 65535 and negative row strides are...

8.3CVSS7.2AI score0.00955EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/03/02 7:59 p.m.3 views

libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API

A flaw was found in libpng, a reference library for PNG Portable Network Graphics raster image files. An integer truncation vulnerability exists in the pngwriteimage16bit and pngwriteimage8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row...

7.8CVSS5.9AI score0.00114EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/12 11:55 p.m.5 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the pngwriteimage16bit or pngwriteimage8bit functions when a negative row stride or a stride exceeding 65535 bytes is provided. An attacker can cause a heap buffer over-read by supplying specially crafted input to...

7.8CVSS7.1AI score0.00114EPSS
Exploits0References2
OSV
OSV
added 2026/01/12 11:15 p.m.9 views

AZL-74502 CVE-2026-22801 affecting package fltk 1.3.8-1

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit causes heap buffer...

7.8CVSS6.3AI score0.00114EPSS
Exploits0References1
Rows per page
Query Builder