Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-22801 (GCVE-0-2026-22801)
Vulnerability from cvelistv5 – Published: 2026-01-12 22:57 – Updated: 2026-01-13 19:37
VLAI
EPSS
Title
LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/pnggroup/libpng/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T19:37:38.282435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T19:37:45.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.54"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T22:57:58.288Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"
}
],
"source": {
"advisory": "GHSA-vgjq-8cw5-ggw8",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22801",
"datePublished": "2026-01-12T22:57:58.288Z",
"dateReserved": "2026-01-09T22:50:10.287Z",
"dateUpdated": "2026-01-13T19:37:45.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-22801",
"date": "2026-06-08",
"epss": "0.00023",
"percentile": "0.06823"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-22801\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-01-12T23:15:52.907\",\"lastModified\":\"2026-01-21T18:58:18.270\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-190\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.6.26\",\"versionEndExcluding\":\"1.6.54\",\"matchCriteriaId\":\"4E5664F6-3EA2-4459-8380-BEB9937EFBE1\"}]}]}],\"references\":[{\"url\":\"https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-22801\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-13T19:37:38.282435Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-13T19:37:42.858Z\"}}], \"cna\": {\"title\": \"LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*\", \"source\": {\"advisory\": \"GHSA-vgjq-8cw5-ggw8\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"pnggroup\", \"product\": \"libpng\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.6.54\"}]}], \"references\": [{\"url\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8\", \"name\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125: Out-of-bounds Read\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190: Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-01-12T22:57:58.288Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-22801\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-13T19:37:45.414Z\", \"dateReserved\": \"2026-01-09T22:50:10.287Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-01-12T22:57:58.288Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
cleanstart-2026-tl29125
Vulnerability from cleanstart
Published
2026-04-18 00:37
Modified
2026-04-17 12:37
Summary
In libexpat before 2
Details
Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "apache-zookeeper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.5-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-TL29125",
"modified": "2026-04-17T12:37:31Z",
"published": "2026-04-18T00:37:21.370791Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-TL29125.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-13151"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22695"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22801"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25210"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25210"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "In libexpat before 2",
"upstream": [
"CVE-2025-13151",
"CVE-2026-22695",
"CVE-2026-22801",
"CVE-2026-24515",
"CVE-2026-25210",
"ghsa-72hv-8253-57qq",
"ghsa-qqpg-mvqg-649v"
]
}
cleanstart-2026-ub19292
Vulnerability from cleanstart
Published
2026-04-30 01:03
Modified
2026-04-29 07:14
Summary
In libexpat before 2
Details
Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "apache-zookeeper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.5-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-UB19292",
"modified": "2026-04-29T07:14:23Z",
"published": "2026-04-30T01:03:57.614476Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-UB19292.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-13151"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22695"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22801"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25210"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25210"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "In libexpat before 2",
"upstream": [
"CVE-2025-13151",
"CVE-2026-22695",
"CVE-2026-22801",
"CVE-2026-24515",
"CVE-2026-25210",
"ghsa-72hv-8253-57qq",
"ghsa-qqpg-mvqg-649v"
]
}
cleanstart-2026-un47141
Vulnerability from cleanstart
Published
2026-04-14 00:42
Modified
2026-04-13 11:37
Summary
In libexpat before 2
Details
Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "apache-zookeeper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.5-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-UN47141",
"modified": "2026-04-13T11:37:38Z",
"published": "2026-04-14T00:42:12.693889Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-UN47141.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-13151"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22695"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22801"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25210"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25210"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "In libexpat before 2",
"upstream": [
"CVE-2025-13151",
"CVE-2026-22695",
"CVE-2026-22801",
"CVE-2026-24515",
"CVE-2026-25210",
"ghsa-72hv-8253-57qq",
"ghsa-qqpg-mvqg-649v"
]
}
cleanstart-2026-uv97144
Vulnerability from cleanstart
Published
2026-04-09 01:00
Modified
2026-04-08 06:46
Summary
In libexpat before 2
Details
Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "apache-zookeeper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.7.2-r5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-UV97144",
"modified": "2026-04-08T06:46:14Z",
"published": "2026-04-09T01:00:39.863796Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-UV97144.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-13151"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22695"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22801"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25210"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25210"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "In libexpat before 2",
"upstream": [
"CVE-2025-13151",
"CVE-2026-22695",
"CVE-2026-22801",
"CVE-2026-24515",
"CVE-2026-25210",
"ghsa-72hv-8253-57qq"
]
}
cleanstart-2026-uz82654
Vulnerability from cleanstart
Published
2026-05-18 12:55
Modified
2026-05-18 05:42
Summary
Security fixes for CVE-2025-13151, CVE-2026-22695, CVE-2026-22801, CVE-2026-24515, CVE-2026-25210, ghsa-72hv-8253-57qq applied in versions: 3.7.2-r4, 3.7.2-r5, 3.7.2-r6
Details
Multiple security vulnerabilities affect the apache-zookeeper package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "apache-zookeeper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.7.2-r6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the apache-zookeeper package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-UZ82654",
"modified": "2026-05-18T05:42:31Z",
"published": "2026-05-18T12:55:13.818011Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-UZ82654.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-13151"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22695"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22801"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25210"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25210"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-13151, CVE-2026-22695, CVE-2026-22801, CVE-2026-24515, CVE-2026-25210, ghsa-72hv-8253-57qq applied in versions: 3.7.2-r4, 3.7.2-r5, 3.7.2-r6",
"upstream": [
"CVE-2025-13151",
"CVE-2026-22695",
"CVE-2026-22801",
"CVE-2026-24515",
"CVE-2026-25210",
"ghsa-72hv-8253-57qq"
]
}
FKIE_CVE-2026-22801
Vulnerability from fkie_nvd - Published: 2026-01-12 23:15 - Updated: 2026-01-21 18:58
Severity
6.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5664F6-3EA2-4459-8380-BEB9937EFBE1",
"versionEndExcluding": "1.6.54",
"versionStartIncluding": "1.6.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54."
},
{
"lang": "es",
"value": "LIBPNG es una biblioteca de referencia para usar en aplicaciones que leen, crean y manipulan archivos de imagen r\u00e1ster PNG (Portable Network Graphics). Desde la versi\u00f3n 1.6.26 hasta la 1.6.53, existe un truncamiento de enteros en las funciones API de escritura simplificadas de libpng, png_write_image_16bit y png_write_image_8bit, que causa una lectura excesiva del b\u00fafer de la pila (heap buffer over-read) cuando el llamador proporciona un paso de fila negativo (para dise\u00f1os de imagen de abajo hacia arriba) o un paso que excede los 65535 bytes. El error fue introducido en libpng 1.6.26 (octubre de 2016) por conversiones de tipo a\u00f1adidas para silenciar advertencias del compilador en sistemas de 16 bits. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 1.6.54."
}
],
"id": "CVE-2026-22801",
"lastModified": "2026-01-21T18:58:18.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-01-12T23:15:52.907",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
MSRC_CVE-2026-22801
Vulnerability from csaf_microsoft - Published: 2026-01-02 00:00 - Updated: 2026-02-18 14:10Summary
LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
6.8 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 20815-17084 | — | ||
| Unresolved product id: 20816-17086 | — |
Known affected
3 products
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-4 | — | ||
| Unresolved product id: 17086-5 | — | ||
| Unresolved product id: 17084-6 | — | ||
| Unresolved product id: 17084-1 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22801 LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_* - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-22801.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*",
"tracking": {
"current_release_date": "2026-02-18T14:10:26.000Z",
"generator": {
"date": "2026-02-18T14:43:41.733Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-22801",
"initial_release_date": "2026-01-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-01-14T01:03:23.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-01-15T01:07:25.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-01-20T14:41:21.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2026-01-21T14:36:27.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
},
{
"date": "2026-02-18T14:10:26.000Z",
"legacy_version": "5",
"number": "5",
"summary": "Information published."
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 libpng 1.6.52-1",
"product": {
"name": "\u003cazl3 libpng 1.6.52-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 libpng 1.6.52-1",
"product": {
"name": "azl3 libpng 1.6.52-1",
"product_id": "20815"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 libpng 1.6.52-1",
"product": {
"name": "\u003ccbl2 libpng 1.6.52-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 libpng 1.6.52-1",
"product": {
"name": "cbl2 libpng 1.6.52-1",
"product_id": "20816"
}
}
],
"category": "product_name",
"name": "libpng"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "azl3 tensorflow 2.16.1-9",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "tensorflow"
},
{
"category": "product_name",
"name": "cbl2 qt5-qtbase 5.12.11-19",
"product": {
"name": "cbl2 qt5-qtbase 5.12.11-19",
"product_id": "4"
}
},
{
"category": "product_name",
"name": "cbl2 tensorflow 2.11.1-2",
"product": {
"name": "cbl2 tensorflow 2.11.1-2",
"product_id": "5"
}
},
{
"category": "product_name",
"name": "azl3 qtbase 6.6.3-4",
"product": {
"name": "azl3 qtbase 6.6.3-4",
"product_id": "6"
}
},
{
"category": "product_name",
"name": "azl3 tensorflow 2.16.1-10",
"product": {
"name": "azl3 tensorflow 2.16.1-10",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libpng 1.6.52-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libpng 1.6.52-1 as a component of Azure Linux 3.0",
"product_id": "20815-17084"
},
"product_reference": "20815",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 libpng 1.6.52-1 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libpng 1.6.52-1 as a component of CBL Mariner 2.0",
"product_id": "20816-17086"
},
"product_reference": "20816",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 qt5-qtbase 5.12.11-19 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 tensorflow 2.11.1-2 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 qtbase 6.6.3-4 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
"product_id": "17084-7"
},
"product_reference": "7",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 2.16.1-10 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22801",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17086-5",
"17084-6",
"17084-1"
]
},
{
"label": "vulnerable_code_not_in_execute_path",
"product_ids": [
"17086-4"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20815-17084",
"20816-17086"
],
"known_affected": [
"17084-3",
"17086-2",
"17084-7"
],
"known_not_affected": [
"17086-4",
"17086-5",
"17084-6",
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22801 LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_* - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-22801.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2026-01-14T01:03:23.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-7"
]
},
{
"category": "vendor_fix",
"date": "2026-01-14T01:03:23.000Z",
"details": "1.6.54-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-3",
"17086-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"17084-3",
"17086-2",
"17084-7"
]
}
],
"title": "LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*"
}
]
}
OPENSUSE-SU-2026:10060-1
Vulnerability from csaf_opensuse - Published: 2026-01-17 00:00 - Updated: 2026-01-17 00:00Summary
libpng16-16-1.6.54-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: libpng16-16-1.6.54-1.1 on GA media
Description of the patch: These are all security issues fixed in the libpng16-16-1.6.54-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10060
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2026-22695/ | self |
| https://www.suse.com/security/cve/CVE-2026-22801/ | self |
| https://www.suse.com/security/cve/CVE-2026-22695 | external |
| https://bugzilla.suse.com/1256525 | external |
| https://www.suse.com/security/cve/CVE-2026-22801 | external |
| https://bugzilla.suse.com/1256526 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libpng16-16-1.6.54-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libpng16-16-1.6.54-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10060",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10060-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22695 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22801 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22801/"
}
],
"title": "libpng16-16-1.6.54-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-17T00:00:00Z",
"generator": {
"date": "2026-01-17T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10060-1",
"initial_release_date": "2026-01-17T00:00:00Z",
"revision_history": [
{
"date": "2026-01-17T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.54-1.1.aarch64",
"product": {
"name": "libpng16-16-1.6.54-1.1.aarch64",
"product_id": "libpng16-16-1.6.54-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.54-1.1.aarch64",
"product": {
"name": "libpng16-16-32bit-1.6.54-1.1.aarch64",
"product_id": "libpng16-16-32bit-1.6.54-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.54-1.1.aarch64",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.54-1.1.aarch64",
"product_id": "libpng16-16-x86-64-v3-1.6.54-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.54-1.1.aarch64",
"product": {
"name": "libpng16-compat-devel-1.6.54-1.1.aarch64",
"product_id": "libpng16-compat-devel-1.6.54-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.54-1.1.aarch64",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.54-1.1.aarch64",
"product_id": "libpng16-compat-devel-32bit-1.6.54-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.54-1.1.aarch64",
"product": {
"name": "libpng16-devel-1.6.54-1.1.aarch64",
"product_id": "libpng16-devel-1.6.54-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.54-1.1.aarch64",
"product": {
"name": "libpng16-devel-32bit-1.6.54-1.1.aarch64",
"product_id": "libpng16-devel-32bit-1.6.54-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64",
"product_id": "libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.54-1.1.aarch64",
"product": {
"name": "libpng16-tools-1.6.54-1.1.aarch64",
"product_id": "libpng16-tools-1.6.54-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.54-1.1.ppc64le",
"product": {
"name": "libpng16-16-1.6.54-1.1.ppc64le",
"product_id": "libpng16-16-1.6.54-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.54-1.1.ppc64le",
"product": {
"name": "libpng16-16-32bit-1.6.54-1.1.ppc64le",
"product_id": "libpng16-16-32bit-1.6.54-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le",
"product_id": "libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.54-1.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-1.6.54-1.1.ppc64le",
"product_id": "libpng16-compat-devel-1.6.54-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le",
"product_id": "libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.54-1.1.ppc64le",
"product": {
"name": "libpng16-devel-1.6.54-1.1.ppc64le",
"product_id": "libpng16-devel-1.6.54-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.54-1.1.ppc64le",
"product": {
"name": "libpng16-devel-32bit-1.6.54-1.1.ppc64le",
"product_id": "libpng16-devel-32bit-1.6.54-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"product_id": "libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.54-1.1.ppc64le",
"product": {
"name": "libpng16-tools-1.6.54-1.1.ppc64le",
"product_id": "libpng16-tools-1.6.54-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.54-1.1.s390x",
"product": {
"name": "libpng16-16-1.6.54-1.1.s390x",
"product_id": "libpng16-16-1.6.54-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.54-1.1.s390x",
"product": {
"name": "libpng16-16-32bit-1.6.54-1.1.s390x",
"product_id": "libpng16-16-32bit-1.6.54-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.54-1.1.s390x",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.54-1.1.s390x",
"product_id": "libpng16-16-x86-64-v3-1.6.54-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.54-1.1.s390x",
"product": {
"name": "libpng16-compat-devel-1.6.54-1.1.s390x",
"product_id": "libpng16-compat-devel-1.6.54-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.54-1.1.s390x",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.54-1.1.s390x",
"product_id": "libpng16-compat-devel-32bit-1.6.54-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.54-1.1.s390x",
"product": {
"name": "libpng16-devel-1.6.54-1.1.s390x",
"product_id": "libpng16-devel-1.6.54-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.54-1.1.s390x",
"product": {
"name": "libpng16-devel-32bit-1.6.54-1.1.s390x",
"product_id": "libpng16-devel-32bit-1.6.54-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.54-1.1.s390x",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.54-1.1.s390x",
"product_id": "libpng16-devel-x86-64-v3-1.6.54-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.54-1.1.s390x",
"product": {
"name": "libpng16-tools-1.6.54-1.1.s390x",
"product_id": "libpng16-tools-1.6.54-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.54-1.1.x86_64",
"product": {
"name": "libpng16-16-1.6.54-1.1.x86_64",
"product_id": "libpng16-16-1.6.54-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-32bit-1.6.54-1.1.x86_64",
"product": {
"name": "libpng16-16-32bit-1.6.54-1.1.x86_64",
"product_id": "libpng16-16-32bit-1.6.54-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.54-1.1.x86_64",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.54-1.1.x86_64",
"product_id": "libpng16-16-x86-64-v3-1.6.54-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.54-1.1.x86_64",
"product": {
"name": "libpng16-compat-devel-1.6.54-1.1.x86_64",
"product_id": "libpng16-compat-devel-1.6.54-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-32bit-1.6.54-1.1.x86_64",
"product": {
"name": "libpng16-compat-devel-32bit-1.6.54-1.1.x86_64",
"product_id": "libpng16-compat-devel-32bit-1.6.54-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.54-1.1.x86_64",
"product": {
"name": "libpng16-devel-1.6.54-1.1.x86_64",
"product_id": "libpng16-devel-1.6.54-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-32bit-1.6.54-1.1.x86_64",
"product": {
"name": "libpng16-devel-32bit-1.6.54-1.1.x86_64",
"product_id": "libpng16-devel-32bit-1.6.54-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64",
"product_id": "libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.54-1.1.x86_64",
"product": {
"name": "libpng16-tools-1.6.54-1.1.x86_64",
"product_id": "libpng16-tools-1.6.54-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.54-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.aarch64"
},
"product_reference": "libpng16-16-1.6.54-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.54-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.54-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.54-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.s390x"
},
"product_reference": "libpng16-16-1.6.54-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.54-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.x86_64"
},
"product_reference": "libpng16-16-1.6.54-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.54-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.aarch64"
},
"product_reference": "libpng16-16-32bit-1.6.54-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.54-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.ppc64le"
},
"product_reference": "libpng16-16-32bit-1.6.54-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.54-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.s390x"
},
"product_reference": "libpng16-16-32bit-1.6.54-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-32bit-1.6.54-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.x86_64"
},
"product_reference": "libpng16-16-32bit-1.6.54-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.54-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.aarch64"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.54-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.54-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.s390x"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.54-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.54-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.x86_64"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.54-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.54-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.54-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.54-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.54-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.54-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.54-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.54-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.54-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.54-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.aarch64"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.54-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.54-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.s390x"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.54-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-32bit-1.6.54-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.x86_64"
},
"product_reference": "libpng16-compat-devel-32bit-1.6.54-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.54-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.54-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.54-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.54-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.54-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.s390x"
},
"product_reference": "libpng16-devel-1.6.54-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.54-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.54-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.54-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.aarch64"
},
"product_reference": "libpng16-devel-32bit-1.6.54-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.54-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.ppc64le"
},
"product_reference": "libpng16-devel-32bit-1.6.54-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.54-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.s390x"
},
"product_reference": "libpng16-devel-32bit-1.6.54-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-32bit-1.6.54-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.x86_64"
},
"product_reference": "libpng16-devel-32bit-1.6.54-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.54-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.s390x"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.54-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.54-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.aarch64"
},
"product_reference": "libpng16-tools-1.6.54-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.54-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.ppc64le"
},
"product_reference": "libpng16-tools-1.6.54-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.54-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.s390x"
},
"product_reference": "libpng16-tools-1.6.54-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.54-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.x86_64"
},
"product_reference": "libpng16-tools-1.6.54-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22695"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22695",
"url": "https://www.suse.com/security/cve/CVE-2026-22695"
},
{
"category": "external",
"summary": "SUSE Bug 1256525 for CVE-2026-22695",
"url": "https://bugzilla.suse.com/1256525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-22695"
},
{
"cve": "CVE-2026-22801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22801"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22801",
"url": "https://www.suse.com/security/cve/CVE-2026-22801"
},
{
"category": "external",
"summary": "SUSE Bug 1256526 for CVE-2026-22801",
"url": "https://bugzilla.suse.com/1256526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-16-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-compat-devel-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-32bit-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-devel-x86-64-v3-1.6.54-1.1.x86_64",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.aarch64",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.ppc64le",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.s390x",
"openSUSE Tumbleweed:libpng16-tools-1.6.54-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-22801"
}
]
}
OPENSUSE-SU-2026:20083-1
Vulnerability from csaf_opensuse - Published: 2026-01-22 14:29 - Updated: 2026-01-22 14:29Summary
Security update for libpng16
Severity
Moderate
Notes
Title of the patch: Security update for libpng16
Description of the patch: This update for libpng16 fixes the following issues:
- CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
Patchnames: openSUSE-Leap-16.0-172
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
10 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://bugzilla.suse.com/1256525 | self |
| https://bugzilla.suse.com/1256526 | self |
| https://www.suse.com/security/cve/CVE-2026-22695/ | self |
| https://www.suse.com/security/cve/CVE-2026-22801/ | self |
| https://www.suse.com/security/cve/CVE-2026-22695 | external |
| https://bugzilla.suse.com/1256525 | external |
| https://www.suse.com/security/cve/CVE-2026-22801 | external |
| https://bugzilla.suse.com/1256526 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libpng16",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libpng16 fixes the following issues:\n\n- CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525).\n- CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-172",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20083-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1256525",
"url": "https://bugzilla.suse.com/1256525"
},
{
"category": "self",
"summary": "SUSE Bug 1256526",
"url": "https://bugzilla.suse.com/1256526"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22695 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22801 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22801/"
}
],
"title": "Security update for libpng16",
"tracking": {
"current_release_date": "2026-01-22T14:29:42Z",
"generator": {
"date": "2026-01-22T14:29:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20083-1",
"initial_release_date": "2026-01-22T14:29:42Z",
"revision_history": [
{
"date": "2026-01-22T14:29:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.4.1.aarch64",
"product": {
"name": "libpng16-16-1.6.44-160000.4.1.aarch64",
"product_id": "libpng16-16-1.6.44-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.44-160000.4.1.aarch64",
"product": {
"name": "libpng16-compat-devel-1.6.44-160000.4.1.aarch64",
"product_id": "libpng16-compat-devel-1.6.44-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.44-160000.4.1.aarch64",
"product": {
"name": "libpng16-devel-1.6.44-160000.4.1.aarch64",
"product_id": "libpng16-devel-1.6.44-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.44-160000.4.1.aarch64",
"product": {
"name": "libpng16-tools-1.6.44-160000.4.1.aarch64",
"product_id": "libpng16-tools-1.6.44-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.4.1.ppc64le",
"product": {
"name": "libpng16-16-1.6.44-160000.4.1.ppc64le",
"product_id": "libpng16-16-1.6.44-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.44-160000.4.1.ppc64le",
"product": {
"name": "libpng16-compat-devel-1.6.44-160000.4.1.ppc64le",
"product_id": "libpng16-compat-devel-1.6.44-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.44-160000.4.1.ppc64le",
"product": {
"name": "libpng16-devel-1.6.44-160000.4.1.ppc64le",
"product_id": "libpng16-devel-1.6.44-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.44-160000.4.1.ppc64le",
"product": {
"name": "libpng16-tools-1.6.44-160000.4.1.ppc64le",
"product_id": "libpng16-tools-1.6.44-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.4.1.s390x",
"product": {
"name": "libpng16-16-1.6.44-160000.4.1.s390x",
"product_id": "libpng16-16-1.6.44-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.44-160000.4.1.s390x",
"product": {
"name": "libpng16-compat-devel-1.6.44-160000.4.1.s390x",
"product_id": "libpng16-compat-devel-1.6.44-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.44-160000.4.1.s390x",
"product": {
"name": "libpng16-devel-1.6.44-160000.4.1.s390x",
"product_id": "libpng16-devel-1.6.44-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.44-160000.4.1.s390x",
"product": {
"name": "libpng16-tools-1.6.44-160000.4.1.s390x",
"product_id": "libpng16-tools-1.6.44-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng16-16-1.6.44-160000.4.1.x86_64",
"product": {
"name": "libpng16-16-1.6.44-160000.4.1.x86_64",
"product_id": "libpng16-16-1.6.44-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64",
"product": {
"name": "libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64",
"product_id": "libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-1.6.44-160000.4.1.x86_64",
"product": {
"name": "libpng16-compat-devel-1.6.44-160000.4.1.x86_64",
"product_id": "libpng16-compat-devel-1.6.44-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"product": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"product_id": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-1.6.44-160000.4.1.x86_64",
"product": {
"name": "libpng16-devel-1.6.44-160000.4.1.x86_64",
"product_id": "libpng16-devel-1.6.44-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"product": {
"name": "libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"product_id": "libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpng16-tools-1.6.44-160000.4.1.x86_64",
"product": {
"name": "libpng16-tools-1.6.44-160000.4.1.x86_64",
"product_id": "libpng16-tools-1.6.44-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.4.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.aarch64"
},
"product_reference": "libpng16-16-1.6.44-160000.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.4.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.ppc64le"
},
"product_reference": "libpng16-16-1.6.44-160000.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.4.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.s390x"
},
"product_reference": "libpng16-16-1.6.44-160000.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-1.6.44-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.x86_64"
},
"product_reference": "libpng16-16-1.6.44-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64"
},
"product_reference": "libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.4.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.aarch64"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.4.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.ppc64le"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.4.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.s390x"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-1.6.44-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.x86_64"
},
"product_reference": "libpng16-compat-devel-1.6.44-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64"
},
"product_reference": "libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.4.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.aarch64"
},
"product_reference": "libpng16-devel-1.6.44-160000.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.4.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.ppc64le"
},
"product_reference": "libpng16-devel-1.6.44-160000.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.4.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.s390x"
},
"product_reference": "libpng16-devel-1.6.44-160000.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-1.6.44-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.x86_64"
},
"product_reference": "libpng16-devel-1.6.44-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64"
},
"product_reference": "libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.4.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.aarch64"
},
"product_reference": "libpng16-tools-1.6.44-160000.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.4.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.ppc64le"
},
"product_reference": "libpng16-tools-1.6.44-160000.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.4.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.s390x"
},
"product_reference": "libpng16-tools-1.6.44-160000.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng16-tools-1.6.44-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.x86_64"
},
"product_reference": "libpng16-tools-1.6.44-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22695"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22695",
"url": "https://www.suse.com/security/cve/CVE-2026-22695"
},
{
"category": "external",
"summary": "SUSE Bug 1256525 for CVE-2026-22695",
"url": "https://bugzilla.suse.com/1256525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T14:29:42Z",
"details": "moderate"
}
],
"title": "CVE-2026-22695"
},
{
"cve": "CVE-2026-22801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22801"
}
],
"notes": [
{
"category": "general",
"text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22801",
"url": "https://www.suse.com/security/cve/CVE-2026-22801"
},
{
"category": "external",
"summary": "SUSE Bug 1256526 for CVE-2026-22801",
"url": "https://bugzilla.suse.com/1256526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-16-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-16-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-compat-devel-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-compat-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-devel-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-devel-x86-64-v3-1.6.44-160000.4.1.x86_64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.aarch64",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.ppc64le",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.s390x",
"openSUSE Leap 16.0:libpng16-tools-1.6.44-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T14:29:42Z",
"details": "moderate"
}
],
"title": "CVE-2026-22801"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…