CLSA-2026-1777311274
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1777311274.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1777311274
- Upstream
- Published
- 2026-04-27T17:34:38Z
- Modified
- 2026-06-04T09:46:51.359069115Z
- Summary
- Fix CVE(s): CVE-2026-22801, CVE-2026-25646
- Details
-
- SECURITY UPDATE: Heap buffer over-read in pngwriteimage_* due to
truncation of ptrdifft row stride to pnguint16
- debian/patches/CVE-2026-22801.patch: remove incorrect truncation casts from pngwriteimage16bit, pngwriteimage8bit, and pngimagewrite
- CVE-2026-22801
- SECURITY UPDATE: Heap buffer overflow in pngsetquantize due to stale palette indices stored in the color distance hash table
- debian/patches/CVE-2026-25646.patch: store original palette indices via palettetoindex in pngsetquantize so the color-pruning loop does not read past the 769-element hash array
- CVE-2026-25646
- SECURITY UPDATE: Heap buffer over-read in pngwriteimage_* due to
truncation of ptrdifft row stride to pnguint16
- References
Affected packages
TuxCare:Ubuntu:20.04 / libpng-dev
Package
- Name
- libpng-dev
- Purl
- pkg:deb/tuxcare/libpng-dev?distro=ubuntu-20.04
TuxCare:Ubuntu:20.04 / libpng-tools
Package
- Name
- libpng-tools
- Purl
- pkg:deb/tuxcare/libpng-tools?distro=ubuntu-20.04