CVE-2026-22695

Publication date 13 January 2026

Last updated 13 January 2026

Ubuntu priority

Why this priority?

Description

Heap buffer over-read in png_image_read_direct_scaled

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libpng	25.10 questing	Not in release
	25.04 plucky	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Needs evaluation
libpng1.6	25.10 questing	Needs evaluation
	25.04 plucky	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
firefox	25.10 questing	Not affected
	25.04 plucky	Not affected
	24.04 LTS noble	Not affected
	22.04 LTS jammy	Not affected
thunderbird	25.10 questing	Needs evaluation
	25.04 plucky	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
chromium-browser	25.10 questing	Not affected
	25.04 plucky	Not affected
	24.04 LTS noble	Not affected
	22.04 LTS jammy	Not affected

Notes

mdeslaur

regression from CVE-2025-65018 fix

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libpng1.6	Upstream: e4f7ad4

References

Other references