CVE-2025-28164
📋 TL;DR
CVE-2025-28164 is a buffer overflow in libpng 1.6.43 through 1.6.46 reached through the png_create_read_struct() function. A local attacker who can get a crafted PNG decoded by a vulnerable application can crash it, causing denial of service. Any application or system that links one of these libpng versions to process PNG images is affected. The advisory classes the issue as requiring local access to trigger.
💻 Affected Systems
- libpng
- Applications using libpng library
📦 What is this software?
libpng is the reference C library for reading and writing PNG images, maintained by the PNG Development Group (pnggroup on GitHub). It is linked, directly or through an intermediate library, into most software that decodes PNG files, so a single vulnerable copy can sit behind many applications.
⚠️ Risk & Real-World Impact
Worst Case
Termination of every process that decodes the crafted file, taking down any service that depends on PNG processing until it is restarted. As with any buffer overflow, the demonstrated impact (a crash) is a floor rather than a ceiling; patch instead of reasoning about exploitability.
Likely Case
Application crash when processing malicious PNG files, causing temporary service disruption for affected applications.
If Mitigated
Minimal impact with proper input validation and sandboxing of image processing components.
🎯 Exploit Status
A proof of concept is linked from the GitHub references. Triggering it requires getting a crafted PNG file in front of a vulnerable application, which the advisory classes as local access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: libpng 1.6.47 or later
Vendor Advisory: https://github.com/pnggroup/libpng/issues/655
Restart Required: Yes
Instructions:
1. Update libpng to version 1.6.47 or later.
2. Linux: use the package manager; the package name varies by distribution (for example `apt-get install --only-upgrade libpng16-16` on Debian/Ubuntu, `dnf upgrade libpng` or `yum update libpng` on RHEL-family systems).
3. Windows: download the updated release from libpng.org or rebuild from the pnggroup sources.
4. Rebuild any application that links libpng statically, and update or rebuild anything that vendors its own copy (container images, language-runtime wheels, bundled binaries); those are not fixed by updating the system package.
5. Restart affected services so they load the new shared library.
🔧 Temporary Workarounds
Input validation for PNG files
Validate the structure of PNG files (signature, chunk framing, CRCs, IHDR sanity, size budget) before handing them to libpng, and reject anything malformed. This is generic hygiene; the advisory does not describe the proof-of-concept file, so do not rely on validation alone to block it.
Sandbox image processing
Run PNG decoding in an isolated container, sandbox, or separate low-privilege worker process so that a crash in libpng takes down only the worker, not the whole service.
🧯 If You Can't Patch
- Implement strict file upload controls to prevent malicious PNG files
- Monitor for application crashes related to PNG processing and investigate anomalies
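The structural pre-validation described under "Input validation for PNG files" and "strict file upload controls", as an added example (not code from the advisory or from libpng). It checks the signature, chunk framing, CRCs, the IHDR fields and a size budget, and it builds its own sample inputs in memory so it runs offline. The dimension and file-size limits are assumed policy values, and nothing here is claimed to block the proof-of-concept input; it only keeps malformed files away from the decoder.

```python
"""Structural PNG pre-validation before the file reaches libpng.

Added example, not part of the advisory or of libpng. MAX_DIMENSION and
MAX_FILE_SIZE are assumed policy limits; adjust them to your application.
"""
import struct
import zlib
from typing import List, Tuple

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_CHUNK_LEN = 0x7FFFFFFF          # PNG spec: chunk length is at most 2^31 - 1
MAX_DIMENSION = 16_384              # assumed policy limit for width/height (pixels)
MAX_FILE_SIZE = 50 * 1024 * 1024    # assumed policy limit for an uploaded file


class PngValidationError(ValueError):
    """Raised for any structural problem; the caller should reject the file."""


def validate_png(data: bytes) -> List[Tuple[bytes, int]]:
    """Return (type, length) for every chunk, or raise PngValidationError."""
    if len(data) > MAX_FILE_SIZE:
        raise PngValidationError("file exceeds size budget")
    if not data.startswith(PNG_SIGNATURE):
        raise PngValidationError("bad PNG signature")

    pos = len(PNG_SIGNATURE)
    chunks: List[Tuple[bytes, int]] = []
    while pos < len(data):
        if len(data) - pos < 12:                  # length(4) + type(4) + crc(4)
            raise PngValidationError("truncated chunk header")
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        if length > MAX_CHUNK_LEN:
            raise PngValidationError(f"chunk {ctype!r} length {length} exceeds spec maximum")
        if not all(65 <= b <= 90 or 97 <= b <= 122 for b in ctype):
            raise PngValidationError(f"non-alphabetic chunk type {ctype!r}")
        body_end = pos + 8 + length
        if body_end + 4 > len(data):              # declared length runs past EOF
            raise PngValidationError(f"chunk {ctype!r} claims {length} bytes past end of file")
        body = data[pos + 8:body_end]
        (crc_stored,) = struct.unpack(">I", data[body_end:body_end + 4])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc_stored:
            raise PngValidationError(f"CRC mismatch on chunk {ctype!r}")

        if not chunks:                            # first chunk must be IHDR
            if ctype != b"IHDR" or length != 13:
                raise PngValidationError("first chunk must be a 13-byte IHDR")
            width, height, depth, color, comp, filt, interlace = struct.unpack(">IIBBBBB", body)
            if width == 0 or height == 0 or width > MAX_DIMENSION or height > MAX_DIMENSION:
                raise PngValidationError(f"unacceptable dimensions {width}x{height}")
            if depth not in (1, 2, 4, 8, 16) or color not in (0, 2, 3, 4, 6):
                raise PngValidationError("invalid bit depth or colour type")
            if comp != 0 or filt != 0 or interlace not in (0, 1):
                raise PngValidationError("unsupported compression/filter/interlace")
        elif ctype == b"IHDR":
            raise PngValidationError("duplicate IHDR")

        chunks.append((ctype, length))
        pos = body_end + 4
        if ctype == b"IEND":
            if pos != len(data):
                raise PngValidationError("trailing data after IEND")
            return chunks
    raise PngValidationError("missing IEND")


def is_acceptable(data: bytes) -> bool:
    """Boolean wrapper for upload handlers: True only if validate_png passes."""
    try:
        validate_png(data)
        return True
    except PngValidationError:
        return False


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Frame one chunk with its length and CRC (used to build sample inputs)."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_tiny_png(width: int = 1, height: int = 1) -> bytes:
    """Construct a minimal 8-bit greyscale PNG in memory (constructed sample input)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = b"".join(b"\x00" + b"\x80" * width for _ in range(height))  # filter byte 0 per row
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b""))


if __name__ == "__main__":
    good = make_tiny_png()
    print("valid sample:", [t.decode() for t, _ in validate_png(good)])
    damaged = bytearray(good)
    damaged[len(PNG_SIGNATURE) + 25 + 8] ^= 0xFF      # flip first byte of the IDAT body
    print("CRC-damaged sample accepted:", is_acceptable(bytes(damaged)))
```

Run the validator in the upload path and in the same sandboxed worker that calls libpng; a file that fails here never reaches png_create_read_struct() at all, and a file that passes still gets the worker isolation described above.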
🔍 How to Verify
Check if Vulnerable:
Query the installed libpng version with `libpng-config --version` or `pkg-config --modversion libpng16`, or through the package manager (`pngcrush -version` also reports the libpng it was built against). Versions 1.6.43 through 1.6.46 are affected.
Check Version:
libpng-config --version 2>/dev/null || pkg-config --modversion libpng16 2>/dev/null || pngcrush -version 2>&1 | grep -i libpng || dpkg -l 'libpng*' 2>/dev/null | grep '^ii' || rpm -qa 'libpng*'
Verify Fix Applied:
Confirm the reported version is 1.6.47 or later, then re-run the proof-of-concept input from the GitHub references against the patched build and confirm it no longer crashes. Check every copy of libpng on the host (system package, statically linked binaries, vendored copies in containers or runtimes), not only the one the package manager reports.
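The version check above as an added example (not the advisory's or libpng's own code). It parses the output of the tools listed in the verification step, including distribution suffixes and the pngcrush banner, and classifies it against the range the advisory gives. The only assumptions are that range (1.6.43 through 1.6.46, fixed in 1.6.47) and that `libpng-config` or `pkg-config` is on PATH when a live host is queried; the sample tool outputs in the tests are constructed.

```python
"""Classify an installed libpng against the affected range in this advisory.

Added example, not part of the advisory or of libpng. Assumes the range
1.6.43..1.6.46 (fixed in 1.6.47) quoted above.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

AFFECTED_MIN = (1, 6, 43)
AFFECTED_MAX = (1, 6, 46)
FIXED = (1, 6, 47)

# Prefer a version that follows the word "libpng" (pngcrush banner, dpkg -l line),
# otherwise take the first dotted triple (libpng-config / pkg-config print just that).
_AFTER_LIBPNG = re.compile(r"libpng\S*\s+(\d+)\.(\d+)\.(\d+)")
_ANY_TRIPLE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from tool output; None if nothing parses."""
    m = _AFTER_LIBPNG.search(text) or _ANY_TRIPLE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def _require(version: str) -> Tuple[int, int, int]:
    v = parse_version(version)
    if v is None:
        raise ValueError(f"could not parse a libpng version from {version!r}")
    return v


def is_affected(version: str) -> bool:
    """True if the version lies in the affected range 1.6.43..1.6.46."""
    return AFFECTED_MIN <= _require(version) <= AFFECTED_MAX


def is_fixed(version: str) -> bool:
    """True once the version is 1.6.47 or later."""
    return _require(version) >= FIXED


def installed_version() -> Optional[str]:
    """Ask the host for its libpng version, most direct tool first; None if no tool answers."""
    probes = [
        ["libpng-config", "--version"],
        ["pkg-config", "--modversion", "libpng16"],
        ["pkg-config", "--modversion", "libpng"],
    ]
    for cmd in probes:
        if shutil.which(cmd[0]) is None:
            continue
        try:
            out = subprocess.run(cmd, capture_output=True, text=True, timeout=5)
        except (OSError, subprocess.SubprocessError):
            continue
        if out.returncode == 0 and parse_version(out.stdout):
            return out.stdout.strip()
    return None


if __name__ == "__main__":
    raw = installed_version()
    if raw is None:
        print("no libpng-config/pkg-config answer; fall back to the package manager")
    elif is_affected(raw):
        print(f"libpng {raw}: AFFECTED, upgrade to 1.6.47 or later")
    elif is_fixed(raw):
        print(f"libpng {raw}: fixed")
    else:
        print(f"libpng {raw}: older than 1.6.43, outside the affected range")
```

This only reports the copy the build tools see. Statically linked binaries and vendored copies carry their own version string inside the binary; `strings` against the executable for "libpng version" is the usual way to find those.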
📡 Detection & Monitoring
Log Indicators:
- Application crashes when processing PNG files
- Segmentation faults in libpng-related processes
- Unexpected termination of image processing services
Network Indicators:
- Unusual PNG file uploads to applications
- Multiple failed PNG processing attempts
SIEM Query:
source="application_logs" AND ("segfault" OR "segmentation fault" OR "SIGSEGV") AND "libpng"
(The Linux kernel logs user-space crashes as "segfault at ... in <object>", so a query that only matches "segmentation fault" misses the most common log line.)
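The log indicators above as detection logic run over constructed log lines, an added example that is not part of the advisory. The sample lines imitate the Linux kernel's "segfault at ... in <object>" message and a systemd-coredump summary; the hostnames, process names, PIDs and addresses are made up.

```python
"""Flag crashes that land inside libpng, from kernel segfault lines and
systemd-coredump summaries. Added example; sample log lines are constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Kernel user-space crash message: "<comm>[<pid>]: segfault at <addr> ip ... in <object>[<base>+<size>]"
KERNEL_SEGFAULT = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) .*? in (?P<obj>[^\[\s]+)"
)
# systemd-coredump summary; here the stack frame follows on the same line.
COREDUMP = re.compile(
    r"Process (?P<pid>\d+) \((?P<comm>[^)]+)\) of user \d+ dumped core\.(?P<rest>.*)"
)
# Either the faulting object or a stack frame names libpng (or a png_* symbol).
LIBPNG_HINT = re.compile(r"libpng|png_", re.IGNORECASE)


@dataclass
class CrashHit:
    comm: str
    pid: int
    evidence: str


def scan_line(line: str) -> Optional[CrashHit]:
    """Return a CrashHit if the line records a crash attributable to libpng."""
    m = KERNEL_SEGFAULT.search(line)
    if m and LIBPNG_HINT.search(m.group("obj")):
        return CrashHit(m.group("comm"), int(m.group("pid")), m.group("obj"))
    m = COREDUMP.search(line)
    if m and LIBPNG_HINT.search(m.group("rest")):
        return CrashHit(m.group("comm"), int(m.group("pid")), "coredump with libpng frame")
    return None


def scan(lines: Iterable[str]) -> List[CrashHit]:
    return [hit for hit in (scan_line(line) for line in lines) if hit]


def crashes_per_process(hits: Iterable[CrashHit]) -> Dict[str, int]:
    """Count hits by process name; repeated crashes of one decoder are the signal to escalate."""
    return dict(Counter(hit.comm for hit in hits))


# Constructed sample log (not real data). Line 1 faults inside libpng16, line 2 is the
# matching core dump, line 3 is an unrelated libc crash, line 4 is ordinary noise.
SAMPLE_LOG = [
    "Mar  3 10:14:02 web01 kernel: [12345.678901] thumbnailer[4321]: segfault at 0 "
    "ip 00007f3a1c2b4e10 sp 00007ffd2e1a3c40 error 4 in libpng16.so.16.46.0[7f3a1c2a0000+2c000]",
    "Mar  3 10:14:03 web01 systemd-coredump[4330]: Process 4321 (thumbnailer) of user 33 dumped core. "
    "Stack trace of thread 4321: #0 0x00007f3a1c2b4e10 png_create_read_struct (libpng16.so.16 + 0x14e10)",
    "Mar  3 10:15:00 web01 kernel: [12403.001122] otherapp[5555]: segfault at 10 "
    "ip 00007f10aa0b1234 sp 00007ffc00112233 error 6 in libc.so.6[7f10aa080000+1c0000]",
    "Mar  3 10:16:00 web01 uploader[6001]: stored image 8c1f.png for user 42",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.comm}[{hit.pid}]: {hit.evidence}")
    print(crashes_per_process(scan(SAMPLE_LOG)))
```

A segfault whose faulting object is the application binary rather than libpng is not caught by the kernel-line rule; pair it with the core-dump rule, which looks at the stack frames, and keep core dumps enabled on hosts that decode untrusted PNGs so there is something to examine.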