CVE-2025-28162

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-28162
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-28162.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-28162
Downstream
Published
2026-01-27T16:16:14.630Z
Modified
2026-02-15T08:20:27.181142Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive

References

Affected packages

Git / github.com/clearlinux-pkgs/libpng

Affected ranges

Type
GIT
Repo
https://github.com/clearlinux-pkgs/libpng
Events
Introduced
f53af5cf2e148b13ccb183af6053b82c96c58e13
Last affected
1ee2e0d1295c0a0acd4898e418284040da65d13f

Affected versions

1.*
1.6.43-83
1.6.44-84
1.6.45-85
1.6.46-86

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-28162.json"

Git / github.com/glennrp/libpng

Affected ranges

Type
GIT
Repo
https://github.com/glennrp/libpng
Events
Introduced
ed217e3e601d8e462f7fd1e04bed43ac42212429
Last affected
f687cc377c4b6aed4ccb91d158636787d76fd479

Affected versions

v1.*
v1.6.43
v1.6.44
v1.6.45
v1.6.46
v1.6.47
v1.6.48
v1.6.49
v1.6.50
v1.6.51
v1.6.52
v1.6.53
v1.6.54
v1.6.55

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-28162.json"