Fluid Attacks Database

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.23	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.37-r0 \|\| =1.6.37-r1 \|\| =1.6.37-r2 \|\| =1.6.38-r0 \|\| =1.6.39-r0 \|\| =1.6.39-r1 \|\| =1.6.39-r2 \|\| =1.6.39-r3 \|\| =1.6.39-r4 \|\| =1.6.40-r0 \|\| =1.6.41-r0 \|\| =1.6.42-r0 \|\| =1.6.43-r0 \|\| =1.6.44-r0 \|\| =1.6.45-r0 \|\| =1.6.46-r0 \|\| =1.6.47-r0 \|\| =1.6.49-r0 \|\| =1.6.5-r0 \|\| =1.6.51-r0 \|\| =1.6.51-r1 \|\| =1.6.53-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.54-r0	1.6.54-r0
alpine v3.21	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.37-r0 \|\| =1.6.37-r1 \|\| =1.6.37-r2 \|\| =1.6.38-r0 \|\| =1.6.39-r0 \|\| =1.6.39-r1 \|\| =1.6.39-r2 \|\| =1.6.39-r3 \|\| =1.6.39-r4 \|\| =1.6.40-r0 \|\| =1.6.41-r0 \|\| =1.6.42-r0 \|\| =1.6.43-r0 \|\| =1.6.44-r0 \|\| =1.6.47-r0 \|\| =1.6.5-r0 \|\| =1.6.53-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.54-r0	1.6.54-r0
debian 14	libpng1.6	=1.6.48-1 \|\| =1.6.49-1~exp1 \|\| =1.6.50-1 \|\| =1.6.50-1~exp1 \|\| =1.6.51-1 \|\| =1.6.52-1 \|\| =1.6.53-1 \|\| >=0 <1.6.54-1	1.6.54-1
alpine v3.20	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.37-r0 \|\| =1.6.37-r1 \|\| =1.6.37-r2 \|\| =1.6.38-r0 \|\| =1.6.39-r0 \|\| =1.6.39-r1 \|\| =1.6.39-r2 \|\| =1.6.39-r3 \|\| =1.6.39-r4 \|\| =1.6.40-r0 \|\| =1.6.41-r0 \|\| =1.6.42-r0 \|\| =1.6.43-r0 \|\| =1.6.44-r0 \|\| =1.6.5-r0 \|\| =1.6.53-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.54-r0	1.6.54-r0
alpine v3.22	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.37-r0 \|\| =1.6.37-r1 \|\| =1.6.37-r2 \|\| =1.6.38-r0 \|\| =1.6.39-r0 \|\| =1.6.39-r1 \|\| =1.6.39-r2 \|\| =1.6.39-r3 \|\| =1.6.39-r4 \|\| =1.6.40-r0 \|\| =1.6.41-r0 \|\| =1.6.42-r0 \|\| =1.6.43-r0 \|\| =1.6.44-r0 \|\| =1.6.45-r0 \|\| =1.6.46-r0 \|\| =1.6.47-r0 \|\| =1.6.5-r0 \|\| =1.6.51-r0 \|\| =1.6.53-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.54-r0	1.6.54-r0
debian 11	libpng1.6	=1.6.37-3 \|\| =1.6.37-3+deb11u1 \|\| >=0 <1.6.37-3+deb11u2	1.6.37-3+deb11u2
debian 13	libpng1.6	=1.6.48-1 \|\| =1.6.48-1+deb13u1 \|\| >=0 <1.6.48-1+deb13u2	1.6.48-1+deb13u2
debian 12	libpng1.6	=1.6.39-2 \|\| =1.6.39-2+deb12u1 \|\| >=0 <1.6.39-2+deb12u2	1.6.39-2+deb12u2
rpm rhel8	mingw-libpng	<0:1.6.34-2.el8_10	0:1.6.34-2.el8_10
rpm rhel8	java-1.8.0-openjdk	-	-

1-10 of 26

Aliases

1. CVE-2026-226952. NVD-2026-226953. OSV-ALPINE-2026-226954. OSV-2026-226955. OSV-DEBIAN-2026-226956. SECURITY-CVE-2026-226957. SECURITY-TRACKER-CVE-2026-22695

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.