Skip to main content

Libpng CVE-2025-28164

MEDIUM
Memory Leak (CWE-401)
2026-01-27 cve@mitre.org
Buffer Overflow Denial Of Service Libpng Red Hat Suse
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.0 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Mar 04, 2026 - 19:42 vuln.today
Public exploit code
CVE Published
Jan 27, 2026 - 16:16 nvd
MEDIUM 5.5

DescriptionCVE.org

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.

AnalysisAI

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function. [CVSS 5.5 MEDIUM]

Technical ContextAI

Classified as CWE-401 (Memory Leak). Affects Libpng. Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container private-registry/harbor-portal:1.1.1-1.20 Container suse/manager/5.0/x86_64/server-attestation:latest Container suse/manager/5.0/x86_64/server:latest Container suse/multi-linux-manager/5.1/x86_64/server-attestation:5.1.2.8.15.2 Container suse/multi-linux-manager/5.1/x86_64/server:5.1.2.8.13.2 Image SLES15-SP6 Image SLES15-SP6-Azure-3P Image SLES15-SP6-Azure-Basic Image SLES15-SP6-Azure-Standard Image SLES15-SP6-BYOS Image SLES15-SP6-BYOS-Azure Image SLES15-SP6-BYOS-EC2 Image SLES15-SP6-BYOS-GCE Image SLES15-SP6-CHOST-BYOS Image SLES15-SP6-CHOST-BYOS-Aliyun Image SLES15-SP6-CHOST-BYOS-Azure Image SLES15-SP6-CHOST-BYOS-EC2 Image SLES15-SP6-CHOST-BYOS-GCE Image SLES15-SP6-CHOST-BYOS-GDC Image SLES15-SP6-CHOST-BYOS-SAP-CCloud Image SLES15-SP6-GCE Image SLES15-SP6-HPC Image SLES15-SP6-HPC-Azure Image SLES15-SP6-HPC-BYOS Image SLES15-SP6-HPC-BYOS-Azure Image SLES15-SP6-HPC-BYOS-EC2 Image SLES15-SP6-HPC-BYOS-GCE Image SLES15-SP6-HPC-EC2 Image SLES15-SP6-HPC-GCE Image SLES15-SP6-Hardened-BYOS Image SLES15-SP6-Hardened-BYOS-Azure Image SLES15-SP6-Hardened-BYOS-EC2 Image SLES15-SP6-Hardened-BYOS-GCE Image SLES15-SP6-SAP-Azure-3P Image SLES15-SP6-SAP-BYOS Image SLES15-SP6-SAP-BYOS-Azure Image SLES15-SP6-SAP-BYOS-EC2 Image SLES15-SP6-SAP-BYOS-GCE Image SLES15-SP6-SAP-Hardened Image SLES15-SP6-SAP-Hardened-Azure Image SLES15-SP6-SAP-Hardened-BYOS Image SLES15-SP6-SAP-Hardened-BYOS-Azure Image SLES15-SP6-SAP-Hardened-BYOS-EC2 Image SLES15-SP6-SAP-Hardened-BYOS-GCE Image SLES15-SP6-SAP-Hardened-EC2 Image SLES15-SP6-SAP-Hardened-GCE Image SLES15-SP7-Azure-3P Image SLES15-SP7-Azure-Basic Image SLES15-SP7-Azure-Standard Image SLES15-SP7-BYOS-Azure Image SLES15-SP7-BYOS-EC2 Image SLES15-SP7-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-Aliyun Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-EC2 Image SLES15-SP7-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Image SLES15-SP7-GCE Image SLES15-SP7-GCE-3P Image SLES15-SP7-HPC-Azure Image SLES15-SP7-HPC-BYOS-Azure Image SLES15-SP7-HPC-BYOS-EC2 Image SLES15-SP7-HPC-BYOS-GCE Image SLES15-SP7-Hardened-BYOS-Azure Image SLES15-SP7-Hardened-BYOS-EC2 Image SLES15-SP7-Hardened-BYOS-GCE Image SLES15-SP7-SAP-Azure Image SLES15-SP7-SAP-Azure-3P Image SLES15-SP7-SAP-BYOS-Azure Image SLES15-SP7-SAP-BYOS-EC2 Image SLES15-SP7-SAP-BYOS-GCE Image SLES15-SP7-SAP-EC2 Image SLES15-SP7-SAP-GCE Image SLES15-SP7-SAP-GCE-3P Image SLES15-SP7-SAP-Hardened-Azure Image SLES15-SP7-SAP-Hardened-BYOS-Azure Image SLES15-SP7-SAP-Hardened-BYOS-EC2 Image SLES15-SP7-SAP-Hardened-BYOS-GCE Image SLES15-SP7-SAP-Hardened-GCE Image server-attestation-image Image server-image Affected
Container suse/sl-micro/6.0/baremetal-os-container:latest Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.57 Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.96 Image SL-Micro Affected
Container suse/sl-micro/6.0/toolbox:13.2-9.22 Affected
Container suse/sl-micro/6.1/base-os-container:2.2.1-5.27 Image SL-Micro-Base Image SL-Micro-Base-RT Image SL-Micro-Base-RT-SelfInstall Image SL-Micro-Base-RT-encrypted Image SL-Micro-Base-SelfInstall Image SL-Micro-Base-encrypted Image SL-Micro-Base-qcow Image SL-Micro-Default Image SL-Micro-Default-SelfInstall Image SL-Micro-Default-encrypted Image SL-Micro-Default-qcow Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected

Share

CVE-2025-28164 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy