CVE-2025-28164

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libpng versions 1.6.43 through 1.6.46

Description A buffer overflow condition exists in libpng versions 1.6.43 through 1.6.46. This issue allows a local attacker to potentially cause a denial of service. The png create read struct() function is affected.

Recommendations Update libpng to a version newer than 1.6.46.

Exploit

Fix

DoS

Memory Leak

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-120

Related Identifiers

BDU:2026-05684

CVE-2025-28164

ECHO-546D-3185-0D21

OESA-2026-1313

OESA-2026-1314

OESA-2026-1315

OESA-2026-1316

OPENSUSE-SU-2026:20378-1

RHSA-2026:6732

SUSE-SU-2026:0364-1

SUSE-SU-2026:0596-1

SUSE-SU-2026:20523-1

SUSE-SU-2026:20530-1

SUSE-SU-2026:20750-1

USN-7993-1

Affected Products

Linuxmint

Red Os

Ubuntu

Libpng

CVE-2025-28164

Weakness Enumeration

Related Identifiers

Affected Products

References · 57