| libpng 1.6.54 - January 12, 2026 |
| ================================ |
| |
| This is a public release of libpng, intended for use in production code. |
| |
| |
| Files available for download |
| ---------------------------- |
| |
| Source files: |
| |
| * libpng-1.6.54.tar.xz (LZMA-compressed, recommended) |
| * libpng-1.6.54.tar.gz (deflate-compressed) |
| * lpng1654.7z (LZMA-compressed) |
| * lpng1654.zip (deflate-compressed) |
| |
| Other information: |
| |
| * README.md |
| * LICENSE.md |
| * AUTHORS.md |
| * TRADEMARK.md |
| |
| |
| Changes from version 1.6.53 to version 1.6.54 |
| --------------------------------------------- |
| |
| * Fixed CVE-2026-22695 (medium severity): |
| Heap buffer over-read in `png_image_read_direct_scaled. |
| (Reported and fixed by Petr Simecek.) |
| * Fixed CVE-2026-22801 (medium severity): |
| Integer truncation causing heap buffer over-read in `png_image_write_*`. |
| * Implemented various improvements in oss-fuzz. |
| (Contributed by Philippe Antoine.) |
| |
| Send comments/corrections/commendations to png-mng-implement at lists.sf.net. |
| Subscription is required; visit |
| https://lists.sourceforge.net/lists/listinfo/png-mng-implement |
| to subscribe. |
