CVE-2025-28164 Security Details

CVE ID

CVE-2025-28164

CWE

CWE-120

CWE-401

CVE Description

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.

Published

Jan 28, 2026

CVSS Score & Severity

8.7High

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.018%

Malware

malware

KEV Status

Not in KEV Catalog: No known exploits

Affected Ecosystems

affected

Source

National Vulnerability Database

References

https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20PROJECT