CVE-2025-28162

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-28162
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-28162.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-28162
Downstream
Related
Published
2026-01-27T00:00:00Z
Modified
2026-05-18T05:59:26.626931128Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive

Database specific 
{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/28xxx/CVE-2025-28162.json"
}
References

Affected packages

Git / github.com/clearlinux-pkgs/libpng

Affected ranges

Type
GIT
Repo
https://github.com/clearlinux-pkgs/libpng
Events
Introduced
f53af5cf2e148b13ccb183af6053b82c96c58e13
Last affected
1ee2e0d1295c0a0acd4898e418284040da65d13f
Database specific 
{
    "extracted_events": [
        {
            "introduced": "1.6.43"
        },
        {
            "last_affected": "1.6.46"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*"
}

Affected versions

1.*
1.6.43-83
1.6.44-84
1.6.45-85
1.6.46-86

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-28162.json"

Git / github.com/pnggroup/libpng

Affected ranges

Type
GIT
Repo
https://github.com/pnggroup/libpng
Events
Introduced
ed217e3e601d8e462f7fd1e04bed43ac42212429
Last affected
0024abd279d3a06435c0309a3f4172eed7c7a19a
Database specific 
{
    "extracted_events": [
        {
            "introduced": "1.6.43"
        },
        {
            "last_affected": "1.6.46"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*"
}

Affected versions

v1.*
v1.6.43
v1.6.44
v1.6.45
v1.6.46

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-28162.json"