JLSEC-2026-9

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-9.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-9.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2026-9
Published
2026-03-24T16:21:52.681Z
Modified
2026-03-24T16:30:06.259673Z
Summary
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of s...
Details

Buffer overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via pngimage. With AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive.

Database specific
{
    "sources": [
        {
            "published": "2026-01-27T16:16:14.630Z",
            "id": "CVE-2025-28162",
            "modified": "2026-02-06T20:06:44.260Z",
            "imported": "2026-03-24T05:02:26.984Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-28162",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28162"
        }
    ],
    "license": "CC-BY-4.0"
}
Affected packages

Julia / libpng_jll

Package

Name
libpng_jll
Purl
pkg:julia/libpng_jll?uuid=b53b4c65-9356-5827-b1ea-8c7a1a84506f

Affected ranges

Type
SEMVER
Events
Introduced
1.6.43+0
Fixed
1.6.47+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-9.json"