CVE-2025-28162

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-28162
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-28162.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-28162
Downstream
Related
Published
2026-01-27T16:16:14.630Z
Modified
2026-03-12T20:14:52.602159Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive

References

Affected packages

Git / github.com/glennrp/libpng

Affected ranges

Type
GIT
Repo
https://github.com/glennrp/libpng
Events
Introduced
ed217e3e601d8e462f7fd1e04bed43ac42212429
Last affected
0024abd279d3a06435c0309a3f4172eed7c7a19a
Database specific 
{
    "versions": [
        {
            "introduced": "1.6.43"
        },
        {
            "last_affected": "1.6.46"
        }
    ]
}

Affected versions

v1.*
v1.6.43
v1.6.44
v1.6.45
v1.6.46

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-28162.json"