CVE-2025-28162

Published: 1/27/2026 Last updated: 1/29/2026 Reserved: 3/11/2025

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via pngimage. With AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 5.5 | Medium | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |

Opam packages affected (4)

conf-gd conf-libpng grib qrencode

Products affected (1)

| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | < * |

References (4)