Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
rootio-libpng1.6: Malicious Image Files Can Execute Arbitrary Code
ROOT-OS-DEBIAN-12-CVE-2025-28162
Summary
A bug in the rootio-libpng1.6 library could allow hackers to execute malicious code if a specially crafted image file is opened. This affects users of Root:Debian:12. To stay safe, update to the patched version of rootio-libpng1.6 as soon as possible.
What to do
- Update rootio-libpng1.6 to version 1.6.39-2+deb12u1.root.io.18.
- Update rootio-libpng1.6 to version 1.6.39-2+deb12u4.root.io.19.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:Debian:12 | – | rootio-libpng1.6 |
< 1.6.39-2+deb12u1.root.io.18 < 1.6.39-2+deb12u4.root.io.19 Fix: upgrade to 1.6.39-2+deb12u1.root.io.18
|
Original title
CVE-2025-28162 in rootio-libpng1.6 - Patched by Root
Original description
Root has patched CVE-2025-28162 in the rootio-libpng1.6 package for Root:Debian:12. Multiple fixed versions available.
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 31 Mar 2026