CVE-2025-28162

EUVD-2025-206405
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
libpnglibpng
1.6.43 ≤
𝑥
≤ 1.6.46
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libpng1.6
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
forky
1.6.58-1
fixed
sid
1.6.58-1
fixed
trixie
1.6.48-1+deb13u5
fixed
trixie (security)
1.6.48-1+deb13u5
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpng16-16
suse enterprise desktop 15 SP7
1.6.40-150600.3.9.1
fixed
suse enterprise sap 15 SP4
1.6.34-150000.3.19.1
fixed
suse enterprise sap 15 SP5
1.6.34-150000.3.19.1
fixed
suse enterprise sap 15 SP7
1.6.40-150600.3.9.1
fixed
suse enterprise server 15 SP4
1.6.34-150000.3.19.1
fixed
suse enterprise server 15 SP5
1.6.34-150000.3.19.1
fixed
suse enterprise server 15 SP7
1.6.40-150600.3.9.1
fixed
libpng16-16-32bit
suse enterprise desktop 15 SP7
1.6.40-150600.3.9.1
fixed
suse enterprise sap 15 SP4
1.6.34-150000.3.19.1
fixed
suse enterprise sap 15 SP5
1.6.34-150000.3.19.1
fixed
suse enterprise sap 15 SP7
1.6.40-150600.3.9.1
fixed
suse enterprise server 15 SP4
1.6.34-150000.3.19.1
fixed
suse enterprise server 15 SP5
1.6.34-150000.3.19.1
fixed
suse enterprise server 15 SP7
1.6.40-150600.3.9.1
fixed
libpng16-compat-devel
suse enterprise desktop 15 SP7
1.6.40-150600.3.9.1
fixed
suse enterprise sap 15 SP4
1.6.34-150000.3.19.1
fixed
suse enterprise sap 15 SP5
1.6.34-150000.3.19.1
fixed
suse enterprise sap 15 SP7
1.6.40-150600.3.9.1
fixed
suse enterprise server 15 SP4
1.6.34-150000.3.19.1
fixed
suse enterprise server 15 SP5
1.6.34-150000.3.19.1
fixed
suse enterprise server 15 SP7
1.6.40-150600.3.9.1
fixed
libpng16-devel
suse enterprise desktop 15 SP7
1.6.40-150600.3.9.1
fixed
suse enterprise sap 15 SP4
1.6.34-150000.3.19.1
fixed
suse enterprise sap 15 SP5
1.6.34-150000.3.19.1
fixed
suse enterprise sap 15 SP7
1.6.40-150600.3.9.1
fixed
suse enterprise server 15 SP4
1.6.34-150000.3.19.1
fixed
suse enterprise server 15 SP5
1.6.34-150000.3.19.1
fixed
suse enterprise server 15 SP7
1.6.40-150600.3.9.1
fixed
Common Weakness Enumeration
References
https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60
https://github.com/pnggroup/libpng/issues/656