CVE-2025-28164

Name
CVE-2025-28164
Description
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20
cve@mitre.org https://github.com/pnggroup/libpng/issues/655

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:* libpng >= 1.6.43 <= 1.6.46

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libpng edge-main 1.6.46-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng edge-main 1.6.45-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng edge-main 1.6.44-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng 3.21-main 1.6.44-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng 3.20-main 1.6.44-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
libpng 3.19-main 1.6.44-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable