Home > Vulnerability Database > CVE-2025-28162

Mend.io Vulnerability Database

CVE-2025-28162

Good to know:

Date: January 26, 2026

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive

Severity Score

5.5

Related Resources (4)

Url: https://github.com/pnggroup/libpng/issues/656

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-28162

Url: https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60

Url: https://www.mend.io/vulnerability-database/CVE-2025-28162

Severity Score

5.5

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Top Fix

Upgrade Version

Upgrade to version libpng - 1.6.47;https://github.com/pnggroup/libpng.git - v1.6.47

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-28162

Good to know:

Date: January 26, 2026

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?