Bug 2433398 (CVE-2025-28164) - CVE-2025-28164 libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function
Keywords:
Status: NEW
Alias: CVE-2025-28164
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2433683 2433684 2433685 2433686 2433687 2433688 2433689 2433690 2433691 2433692 2433693 2433694 2433695 2433696 2433697 2433698 2433700 2433701 2433702 2433703 2433704 2433705 2433706 2433707 2433708 2433709 2433711 2433699 2433710
Blocks:
Reported: 2026-01-27 16:02 UTC by OSIDB Bzimport
Modified: 2026-01-28 13:37 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Description OSIDB Bzimport 2026-01-27 16:02:16 UTC
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.

