PT-2016-3254 · Libpng+3 · Libpng+3
Patrick Keshishian
·
Published
2016-12-29
·
Updated
2024-09-06
·
CVE-2016-10087
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
libpng versions 0.71 through 1.0.66
libpng versions 1.2.x through 1.2.56
libpng versions 1.4.x through 1.4.19
libpng versions 1.5.x through 1.5.27
libpng versions 1.6.x through 1.6.26
Description
The issue is related to a null pointer dereference in the
png set text 2 function of the libpng library. This can be exploited by a remote attacker to cause a denial of service by loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.Recommendations
For libpng versions 0.71 through 1.0.66, update to version 1.0.67 or later.
For libpng versions 1.2.x through 1.2.56, update to version 1.2.57 or later.
For libpng versions 1.4.x through 1.4.19, update to version 1.4.20 or later.
For libpng versions 1.5.x through 1.5.27, update to version 1.5.28 or later.
For libpng versions 1.6.x through 1.6.26, update to version 1.6.27 or later.
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Suse
Ubuntu
Libpng