CVE-2025-28162 — Classic Buffer Overflow in Libpng

CWE-120 — Classic Buffer Overflow9 documents9 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 95.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libpng

Timeline

PublishedJan 27

Latest updateFeb 2

Description

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDlibpng/libpng1.6.43 — 1.6.46

🔴Vulnerability Details

CVEList

CVE-2025-28162: Buffer Overflow vulnerability in libpng 1↗2026-01-27

▶

OSV

CVE-2025-28162: Buffer Overflow vulnerability in libpng 1↗2026-01-27

▶

GHSA

GHSA-h77p-hrmm-5v85: Buffer Overflow vulnerability in libpng 1↗2026-01-27

▶

📋Vendor Advisories

Ubuntu

libpng vulnerabilities↗2026-02-02

▶

Red Hat

libpng: libpng: Denial of Service via buffer overflow in pngimage utility↗2026-01-27

▶

Debian

CVE-2025-28162: libpng1.6 - Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-28162 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2025-28162 libpng: libpng: Denial of Service via buffer overflow in pngimage utility↗2026-01-27

▶