[CLSA-2026:1777311274] Fix CVE(s): CVE-2026-22801, CVE-2026-25646
Type:
security
Severity:
Important
Release date:
2026-04-27 17:34:38 UTC
Description:
* SECURITY UPDATE: Heap buffer over-read in png_write_image_* due to truncation of ptrdiff_t row stride to png_uint_16
  - debian/patches/CVE-2026-22801.patch: remove incorrect truncation casts from png_write_image_16bit, png_write_image_8bit, and png_image_write_main so large (>65535) and negative row strides are handled correctly
  - CVE-2026-22801
* SECURITY UPDATE: Heap buffer overflow in png_set_quantize due to stale palette indices stored in the color distance hash table
  - debian/patches/CVE-2026-25646.patch: store original palette indices via palette_to_index in png_set_quantize so the color-pruning loop does not read past the 769-element hash array
  - CVE-2026-25646
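The first item describes a row stride (a ptrdiff_t, which may exceed 65535 or be negative for bottom-up image layouts) being narrowed to png_uint_16 before row addresses are computed. The following is an added illustration, not libpng code and not the Debian patch: `row_offset_truncated` reproduces the effect of such a cast on the computed row offset, `row_offset_correct` keeps the full width, and `image_fits_buffer` is a constructed bounds check that an application handing a buffer and stride to an image writer can apply, covering the negative-stride case explicitly. The typedef `png_uint_16` and all function names are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for libpng's 16-bit unsigned type (assumption for this example). */
typedef uint16_t png_uint_16;

/* Row offset as a png_uint_16 truncation cast would compute it. The cast keeps
 * only the low 16 bits, so a stride above 65535 loses its high bits and a
 * negative (bottom-up) stride becomes a large positive one. Constructed, not
 * libpng's code. */
static ptrdiff_t row_offset_truncated(ptrdiff_t row_stride, unsigned y)
{
    return (ptrdiff_t)(png_uint_16)row_stride * (ptrdiff_t)y;
}

/* Row offset with the stride kept in its full ptrdiff_t width. */
static ptrdiff_t row_offset_correct(ptrdiff_t row_stride, unsigned y)
{
    return row_stride * (ptrdiff_t)y;
}

/* 1 when truncating the stride changes where row y lands, 0 otherwise. */
int stride_truncation_mismatches(ptrdiff_t row_stride, unsigned y)
{
    return row_offset_truncated(row_stride, y) != row_offset_correct(row_stride, y);
}

/* Constructed bounds check: every row [first_row_offset + y*row_stride,
 * + row_bytes) for y in [0, height) must lie inside a buffer of buffer_size
 * bytes. For a negative stride the first row sits near the end of the buffer
 * and later rows move towards offset 0, so the lowest and highest row start
 * are taken explicitly instead of assuming row 0 is the lowest. Every
 * intermediate product and sum is guarded against ptrdiff_t overflow.
 * Returns 1 if all rows fit, 0 otherwise. */
int image_fits_buffer(ptrdiff_t first_row_offset, ptrdiff_t row_stride,
                      unsigned height, size_t row_bytes, size_t buffer_size)
{
    if (height == 0)
        return 1;
    if (first_row_offset < 0 || row_stride == PTRDIFF_MIN ||
        row_bytes > (size_t)PTRDIFF_MAX || buffer_size > (size_t)PTRDIFF_MAX)
        return 0;

    ptrdiff_t span = (ptrdiff_t)height - 1;           /* strides walked */
    ptrdiff_t abs_stride = row_stride < 0 ? -row_stride : row_stride;
    if (span > 0 && abs_stride > PTRDIFF_MAX / span)  /* walked would overflow */
        return 0;
    ptrdiff_t walked = abs_stride * span;

    ptrdiff_t lowest, highest;
    if (row_stride < 0) {
        lowest = first_row_offset - walked;
        highest = first_row_offset;
    } else {
        if (walked > PTRDIFF_MAX - first_row_offset)
            return 0;
        lowest = first_row_offset;
        highest = first_row_offset + walked;
    }
    if (lowest < 0 || highest > (ptrdiff_t)buffer_size)
        return 0;
    /* The last byte of the highest row must still be inside the buffer. */
    return (ptrdiff_t)row_bytes <= (ptrdiff_t)buffer_size - highest;
}

int main(void)
{
    /* Constructed sample layouts: a 4-row bottom-up image of 1024-byte rows in
     * a 4096-byte buffer, and a wide top-down image with a 70000-byte stride. */
    printf("stride 70000, row 1: truncation changes offset? %d\n",
           stride_truncation_mismatches(70000, 1));
    printf("stride -1024, row 1: truncation changes offset? %d\n",
           stride_truncation_mismatches(-1024, 1));
    printf("bottom-up, stride -1024: fits? %d\n",
           image_fits_buffer(3072, -1024, 4, 1024, 4096));
    printf("bottom-up, stride truncated to %u: fits? %d\n",
           (unsigned)(png_uint_16)-1024,
           image_fits_buffer(3072, (png_uint_16)-1024, 4, 1024, 4096));
    return 0;
}
```

The second `image_fits_buffer` call shows the shape of the failure: once the negative stride has been truncated to 64512, row 3 would start 193536 bytes past the first row, far outside a 4096-byte buffer, which is the kind of out-of-bounds row address the advisory describes.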
Updated packages:
  • libpng-dev_1.6.37-2+tuxcare.els2_amd64.deb
    sha:9b6a9b3a3d144a97bfbb968c63ffd9e1709a13e8
  • libpng-tools_1.6.37-2+tuxcare.els2_amd64.deb
    sha:d5194d61df33e1a84cf2722022085205073eb5ea
  • libpng16-16_1.6.37-2+tuxcare.els2_amd64.deb
    sha:592b1a26b6676485ed215362b3afb5b75a71feab
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.