← Back to CVEs
CVE-2025-28162
MEDIUM5.5
Description
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive
CVE Details
CVSS v3.1 Score5.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published1/27/2026
Last Modified2/6/2026
Sourcenvd
Honeypot Sightings0
Affected Products
libpng:libpng
Weaknesses (CWE)
CWE-120
References
https://github.com/pnggroup/libpng/issues/656(cve@mitre.org)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.