Libpng · Libpng · CVE-2016-10087
**Name of the Vulnerable Software and Affected Versions**
libpng versions 0.71 through 1.0.66
libpng versions 1.2.x through 1.2.56
libpng versions 1.4.x through 1.4.19
libpng versions 1.5.x through 1.5.27
libpng versions 1.6.x through 1.6.26
**Description**
The issue is related to a null pointer dereference in the `png set text 2` function of the libpng library. This can be exploited by a remote attacker to cause a denial of service by loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
**Recommendations**
For libpng versions 0.71 through 1.0.66, update to version 1.0.67 or later.
For libpng versions 1.2.x through 1.2.56, update to version 1.2.57 or later.
For libpng versions 1.4.x through 1.4.19, update to version 1.4.20 or later.
For libpng versions 1.5.x through 1.5.27, update to version 1.5.28 or later.
For libpng versions 1.6.x through 1.6.26, update to version 1.6.27 or later.