PT-2016-3254 · Libpng+3 · Libpng+3
Patrick Keshishian
·
Publicado
2016-12-29
·
Atualizado
2024-09-06
·
CVE-2016-10087
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
libpng versions 0.71 through 1.0.66
libpng versions 1.2.x through 1.2.56
libpng versions 1.4.x through 1.4.19
libpng versions 1.5.x through 1.5.27
libpng versions 1.6.x through 1.6.26
Description
The issue is related to a null pointer dereference in the
png set text 2 function of the libpng library. This can be exploited by a remote attacker to cause a denial of service by loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.Recommendations
For libpng versions 0.71 through 1.0.66, update to version 1.0.67 or later.
For libpng versions 1.2.x through 1.2.56, update to version 1.2.57 or later.
For libpng versions 1.4.x through 1.4.19, update to version 1.4.20 or later.
For libpng versions 1.5.x through 1.5.27, update to version 1.5.28 or later.
For libpng versions 1.6.x through 1.6.26, update to version 1.6.27 or later.
Correção
NULL Pointer Dereference
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Suse
Ubuntu
Libpng