Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

DEBIAN-CVE-2026-22695

MEDIUM6.1

Published Jan 12, 2026

Modified Yesterday

No fix available

Details

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.

Affected Packages

Debian:11libpng1.6

Affected versions:

1.6.37-31.6.37-3+deb11u11.6.37-41.6.37-51.6.38-11.6.38-21.6.39-11.6.39-21.6.40-11.6.40-2+27 more

Debian:12libpng1.6

Affected versions:

1.6.39-21.6.39-2+deb12u11.6.40-11.6.40-21.6.40-31.6.41-11.6.42-11.6.42-1.1~exp11.6.43-11.6.43-1exp1+21 more

Debian:13libpng1.6

Affected versions:

1.6.48-11.6.48-1+deb13u11.6.49-1~exp11.6.50-11.6.50-1~exp11.6.51-11.6.52-11.6.53-1

Debian:14libpng1.6

Affected versions:

1.6.48-11.6.49-1~exp11.6.50-11.6.50-1~exp11.6.51-11.6.52-11.6.53-1

References

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-22695

CVSS Analysis

CVSS v3.1

6.1

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

LowC:L

Integrity

NoneI:N

Availability

HighA:H

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Upstream

CVE-2026-22695

Ecosystems

Debian 11 Debian 12 Debian 13 Debian 14

Timeline

PublishedJan 12, 2026

ModifiedJan 13, 2026

DEBIAN-CVE-2026-22695 | Mondoo Vulnerability Intelligence