CVE-2025-28164 is a buffer overflow vulnerability identified in the libpng library versions 1.6.43 through 1.6.46, specifically within the png_create_read_struct() function. Libpng is a widely used open-source library for handling PNG image files, integrated into numerous applications and systems for image processing. The vulnerability arises from improper bounds checking or memory handling in this function, allowing a local attacker with low privileges to trigger a buffer overflow condition. This overflow can lead to a denial of service (DoS) by crashing the application or system component that uses libpng to process PNG images. The CVSS 3.1 base score is 5.5, indicating medium severity, with the attack vector being local (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and impacting availability only (A:H). There is no impact on confidentiality or integrity. No public exploits have been reported, and no patches are currently linked, suggesting the vulnerability is either newly disclosed or not yet widely exploited. The CWE classification is CWE-120, which corresponds to classic buffer overflow issues. Since libpng is embedded in many software products, the vulnerability could affect a broad range of applications, especially those processing PNG images locally. The lack of remote exploitability limits the threat to scenarios where an attacker has local access, such as compromised user accounts or insider threats. The vulnerability's exploitation could disrupt services that rely on image processing, potentially causing application crashes or system instability.

For European organizations, the primary impact of CVE-2025-28164 is on availability. Systems and applications that utilize the vulnerable libpng versions for PNG image processing could experience crashes or denial of service conditions when processing crafted or malformed PNG files locally. This could affect desktop applications, image processing tools, content management systems, or any software embedding libpng. While the vulnerability does not compromise confidentiality or integrity, service disruptions could impact business operations, especially in sectors relying heavily on image processing such as media, publishing, design, and software development. The requirement for local access reduces the risk of widespread remote attacks but increases the importance of internal security controls to prevent unauthorized local access. Organizations with large user bases or shared environments (e.g., terminal servers, developer workstations) may face higher risk if attackers can leverage this vulnerability to cause denial of service. The absence of known exploits in the wild currently limits immediate risk, but the medium severity score warrants timely attention to prevent potential future exploitation. European organizations should also consider the impact on embedded systems or specialized industrial applications that use libpng internally.

1. Monitor official libpng project channels and vendor advisories for patches addressing CVE-2025-28164 and apply updates promptly once available. 2. Until patches are released, restrict local access to systems running vulnerable libpng versions to trusted users only, minimizing the risk of local exploitation. 3. Employ application whitelisting and endpoint protection solutions to detect and prevent execution of untrusted or malicious code that could exploit this vulnerability. 4. Conduct internal audits to identify all instances of libpng usage across software and systems, including embedded devices, to assess exposure. 5. Implement strict user privilege management to limit the ability of low-privilege users to execute or trigger vulnerable code paths. 6. Use sandboxing or containerization for applications processing untrusted PNG files to contain potential crashes and prevent system-wide impact. 7. Incorporate fuzz testing and static code analysis in development pipelines to detect similar buffer overflow issues proactively. 8. Educate IT and security teams about the vulnerability to ensure rapid response and mitigation in case of exploitation attempts.