{"id":"JLSEC-2026-7","summary":"libpng: heap buffer over-read in png_image_finish_read for interlaced 16-bit PNGs read with 8-bit output format and non-minimal row stride","details":"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.","modified":"2026-03-24T16:30:06.485524Z","published":"2026-03-24T16:21:52.681Z","upstream":["CVE-2026-22695"],"database_specific":{"license":"CC-BY-4.0","sources":[{"id":"CVE-2026-22695","imported":"2026-03-24T05:02:26.972Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22695","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-22695","modified":"2026-01-21T18:58:55.787Z","published":"2026-01-12T23:15:52.597Z"}]},"references":[{"type":"WEB","url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"},{"type":"WEB","url":"https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"},{"type":"WEB","url":"https://github.com/pnggroup/libpng/issues/778"},{"type":"WEB","url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"}],"affected":[{"package":{"name":"libpng_jll","ecosystem":"Julia","purl":"pkg:julia/libpng_jll?uuid=b53b4c65-9356-5827-b1ea-8c7a1a84506f"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.6.51+0"},{"fixed":"1.6.54+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-7.json"}}],"schema_version":"1.7.5"}