PT-2016-2468 · Png Development+1 · Libpng+1
Published
2016-07-11
·
Updated
2024-07-19
·
CVE-2016-3751
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
libpng versions prior to 1.6.20
Android versions prior to 4.4.4
Android 5.0.x versions prior to 5.0.2
Android 5.1.x versions prior to 5.1.1
Android 6.x versions prior to 2016-07-01
Description
The issue is related to errors in the libpng library code, which can be exploited by a remote attacker to gain elevated privileges using a specially crafted application. This can allow attackers to obtain Signature or SignatureOrSystem access.
Recommendations
For libpng versions prior to 1.6.20, update to version 1.6.20 or later.
For Android versions prior to 4.4.4, update to version 4.4.4 or later.
For Android 5.0.x versions prior to 5.0.2, update to version 5.0.2 or later.
For Android 5.1.x versions prior to 5.1.1, update to version 5.1.1 or later.
For Android 6.x versions prior to 2016-07-01, update to a version released after 2016-07-01.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Libpng