CVE-2025-28164 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
libpng	libpng	1.6.43 ≤ 𝑥 ≤ 1.6.46

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libpng1.6

bookworm	unimportant
bookworm (security)	unimportant
bullseye	unimportant
bullseye (security)	unimportant
forky	1.6.56-1 fixed
sid	1.6.56-1 fixed
trixie	1.6.48-1+deb13u3 fixed
trixie (security)	1.6.48-1+deb13u4 fixed

Known Exploits!

https://github.com/pnggroup/libpng/issues/655

Common Weakness Enumeration

CWE-401 - Missing Release of Memory after Effective Lifetime
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Vulnerability Media Exposure

[GERMAN] libpng: Mehrere Schwachstellen ermöglichen Denial of Service
Ein Angreifer kann mehrere Schwachstellen in libpng ausnutzen, um einen Denial of Service Angriff durchzuführen.
Published: 2026-01-27T23:00:00+00:00

References

https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20

https://github.com/pnggroup/libpng/issues/655