CVE-2016-10087
Published: 01/30/2017 22:59:00
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
HIGH
CVSS v3: 7.5
CVSS v3: 7.5
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 25.1 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 24.4 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 24.4.0 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 24.3 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 24.2.1 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 24.2 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 24.1 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 23.3 | libpng (1.6.40) | Not Affected | Code Not Present | 1.6.40 does not match CVE configuration. |
| 23.2.1 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 23.2 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 23.1 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 22.4 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 22.3 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 22.2 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 22.1 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.11.1 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.11 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.8.1 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.8 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.5.1 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.5.0 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 21.2.0 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 11.4.20 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 11.4.19.3667 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 11.4.18.3599 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 11.4.17 | libpng (1.6.37) | Not Affected | Code Not Present | 1.6.37 does not match CVE configuration. |
| 11.4.16.3445 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.15.3368 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.14.3263 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.13.3179 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.12.3054 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.11.3040 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.11.2990 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.10.2934 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.9.2878 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
| 11.4.8.2822 | libpng (1.6.28) | Not Affected | Code Not Present | 1.6.28 does not match CVE configuration. |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
7.5
Base Severity
HIGH
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version
3.0