Advisories » MGASA-2026-0010

Updated libpng packages fix security vulnerabilities

Publication date: 17 Jan 2026
Modification date: 17 Jan 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-22695 , CVE-2026-22801

Description

LIBPNG has a heap buffer over-read in png_image_read_direct_scaled
(regression from CVE-2025-65018 fix). (CVE-2026-22695)
LIBPNG has an integer truncation causing heap buffer over-read in
png_image_write_*. (CVE-2026-22801)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34986
• https://www.openwall.com/lists/oss-security/2026/01/12/7
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801

SRPMS

9/core

• libpng-1.6.38-1.3.mga9