Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2016-10087

Published: 30/01/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Libpng

Vulnerability Summary

The png_set_text_2 function in libpng 0.71 prior to 1.0.67, 1.2.x prior to 1.2.57, 1.4.x prior to 1.4.20, 1.5.x prior to 1.5.28, and 1.6.x prior to 1.6.27 allows context-dependent malicious users to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libpng libpng 1.0.5g

libpng libpng 1.0.37

libpng libpng 0.99e

libpng libpng 0.98

libpng libpng 1.0.4d

libpng libpng 1.0.41

libpng libpng 1.0.0b

libpng libpng 1.0.1b

libpng libpng 1.0.46

libpng libpng 0.99d

libpng libpng 1.0.4c

libpng libpng 1.0.65

libpng libpng 1.0.5t

libpng libpng 1.0.1

libpng libpng 1.0.4e

libpng libpng 1.0.1c

libpng libpng 1.0.8

libpng libpng 0.81

libpng libpng 1.0.5n

libpng libpng 0.88

libpng libpng 1.0.6f

libpng libpng 1.0.5k

libpng libpng 1.0.14

libpng libpng 0.8

libpng libpng 1.0.5q

libpng libpng 0.99f

libpng libpng 1.0.17

libpng libpng 1.0.35

libpng libpng 0.85

libpng libpng 1.0.4

libpng libpng 1.0.52

libpng libpng 0.95

libpng libpng 1.0.27

libpng libpng 1.0.22

libpng libpng 0.89c

libpng libpng 1.0.11

libpng libpng 1.0.20

libpng libpng 1.0.55

libpng libpng 1.0.9

libpng libpng 1.0.13

libpng libpng 0.86

libpng libpng 1.0.44

libpng libpng 1.0.5c

libpng libpng 1.0.6

libpng libpng 1.0.5d

libpng libpng 1.0.32

libpng libpng 0.90

libpng libpng 1.0.50

libpng libpng 1.0.0a

libpng libpng 1.0.5a

libpng libpng 1.0.5p

libpng libpng 1.0.34

libpng libpng 0.99a

libpng libpng 1.0.25

libpng libpng 1.0.21

libpng libpng 1.0.5f

libpng libpng 1.0.5i

libpng libpng 1.0.43

libpng libpng 1.0.38

libpng libpng 1.0.3

libpng libpng 1.0.40

libpng libpng 1.0.51

libpng libpng 1.0.4f

libpng libpng 1.0.18

libpng libpng 1.0.6i

libpng libpng 1.0.5v

libpng libpng 1.0.1e

libpng libpng 1.0.4b

libpng libpng 1.0.5l

libpng libpng 1.0.64

libpng libpng 1.0.54

libpng libpng 1.0.7

libpng libpng 1.0.6h

libpng libpng 1.0.5s

libpng libpng 1.0.16

libpng libpng 1.0.59

libpng libpng 1.0.2

libpng libpng 1.0.2a

libpng libpng 1.0.5

libpng libpng 1.0.3b

libpng libpng 1.0.29

libpng libpng 1.0.56

libpng libpng 1.0.39

libpng libpng 1.0.42

libpng libpng 1.0.24

libpng libpng 1.0.61

libpng libpng 0.99c

libpng libpng 0.99h

libpng libpng 1.0.5r

libpng libpng 1.0.5b

libpng libpng 1.0.12

libpng libpng 1.0.15

libpng libpng 1.0.6e

libpng libpng 1.0.19

libpng libpng 1.0.57

libpng libpng 1.0.62

libpng libpng 1.0.5m

libpng libpng 0.99g

libpng libpng 0.87

libpng libpng 1.0.28

libpng libpng 1.0.47

libpng libpng 1.0.6g

libpng libpng 1.0.48

libpng libpng 1.0.66

libpng libpng 1.0.3a

libpng libpng 0.97

libpng libpng 1.0.45

libpng libpng 1.0.5j

libpng libpng 1.0.26

libpng libpng 1.0.1a

libpng libpng 1.0.1d

libpng libpng 1.0.60

libpng libpng 1.0.5h

libpng libpng 1.0.6j

libpng libpng 0.89

libpng libpng 1.0.33

libpng libpng 1.0.0

libpng libpng 1.0.3d

libpng libpng 1.0.4a

libpng libpng 1.0.5o

libpng libpng 1.0.53

libpng libpng 1.0.23

libpng libpng 1.0.63

libpng libpng 0.82

libpng libpng 1.00

libpng libpng 1.0.30

libpng libpng 1.0.5u

libpng libpng 1.0.10

libpng libpng 1.0.31

libpng libpng 0.71

libpng libpng 0.99

libpng libpng 1.0.58

libpng libpng 1.0.6d

libpng libpng 0.99b

libpng libpng 0.96

libpng libpng 1.0.5e

libpng libpng 1.2.14

libpng libpng 1.2.33

libpng libpng 1.2.16

libpng libpng 1.2.35

libpng libpng 1.2.29

libpng libpng 1.2.26

libpng libpng 1.2.54

libpng libpng 1.2.46

libpng libpng 1.2.4

libpng libpng 1.2.22

libpng libpng 1.2.39

libpng libpng 1.2.55

libpng libpng 1.2.50

libpng libpng 1.2.56

libpng libpng 1.2.44

libpng libpng 1.2.0

libpng libpng 1.2.12

libpng libpng 1.2.47

libpng libpng 1.2.27

libpng libpng 1.2.18

libpng libpng 1.2.21

libpng libpng 1.2.20

libpng libpng 1.2.10

libpng libpng 1.2.38

libpng libpng 1.2.41

libpng libpng 1.2.8

libpng libpng 1.2.32

libpng libpng 1.2.3

libpng libpng 1.2.1

libpng libpng 1.2.13

libpng libpng 1.2.53

libpng libpng 1.2.45

libpng libpng 1.2.51

libpng libpng 1.2.6

libpng libpng 1.2.52

libpng libpng 1.2.24

libpng libpng 1.2.25

libpng libpng 1.2.37

libpng libpng 1.2.42

libpng libpng 1.4.9

libpng libpng 1.4.12

libpng libpng 1.4.11

libpng libpng 1.4.15

libpng libpng 1.4.4

libpng libpng 1.4.7

libpng libpng 1.4.1

libpng libpng 1.4.10

libpng libpng 1.4.2

libpng libpng 1.4.18

libpng libpng 1.4.0

libpng libpng 1.4.13

libpng libpng 1.4.6

libpng libpng 1.4.5

libpng libpng 1.4.3

libpng libpng 1.4.16

libpng libpng 1.4.8

libpng libpng 1.4.14

libpng libpng 1.4.17

libpng libpng 1.4.19

libpng libpng 1.5.14

libpng libpng 1.5.26

libpng libpng 1.5.27

libpng libpng 1.5.8

libpng libpng 1.5.10

libpng libpng 1.5.23

libpng libpng 1.5.7

libpng libpng 1.5.1

libpng libpng 1.5.20

libpng libpng 1.5.19

libpng libpng 1.5.9

libpng libpng 1.5.12

libpng libpng 1.5.21

libpng libpng 1.5.5

libpng libpng 1.5.15

libpng libpng 1.5.3

libpng libpng 1.5.17

libpng libpng 1.5.4

libpng libpng 1.5.6

libpng libpng 1.5.11

libpng libpng 1.5.2

libpng libpng 1.5.22

libpng libpng 1.5.18

libpng libpng 1.5.0

libpng libpng 1.5.24

libpng libpng 1.5.16

libpng libpng 1.5.25

libpng libpng 1.5.13

libpng libpng 1.6.25

libpng libpng 1.6.0

libpng libpng 1.6.1

libpng libpng 1.6.3

libpng libpng 1.6.8

libpng libpng 1.6.24

libpng libpng 1.6.12

libpng libpng 1.6.10

libpng libpng 1.6.17

libpng libpng 1.6.22

libpng libpng 1.6.23

libpng libpng 1.6.6

libpng libpng 1.6.15

libpng libpng 1.6.14

libpng libpng 1.6.7

libpng libpng 1.6.9

libpng libpng 1.6.18

libpng libpng 1.6.4

libpng libpng 1.6.11

libpng libpng 1.6.21

libpng libpng 1.6.2

libpng libpng 1.6.13

libpng libpng 1.6.26

libpng libpng 1.6.5

libpng libpng 1.6.19

libpng libpng 1.6.16

libpng libpng 1.6.20

Vendor Advisories

Debian CVElist Bug Report Logs: libpng1.6: CVE-2016-10087: NULL pointer dereference in png_set_text_2()
Debian Bug report logs - #849799 libpng16: CVE-2016-10087: NULL pointer dereference in png_set_text_2() Package: src:libpng16; Maintainer for src:libpng16 is Maintainers of libpng16 packages <libpng16@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 31 Dec 2016 07:15:02 UTC ...
Ubuntu Security Notice: libpng, libpng1.6 vulnerabilities
Several security issues were fixed in libpng ...
Ubuntu Security Notice: libpng vulnerability
libpng could be made to crash if it received a specially crafted file ...
Arch Linux Issues:
A NULL-pointer dereference issue has been found in png_set_text_2() in libpng To be vulnerable, an application has to load a text chunk into the png structure, then delete all text, then add another text chunk to the same png structure ...

Recent Articles

Libpng library gets fix for truly ancient bug
The Register • Richard Chirgwin • 03 Jan 2017

Where were you in June 1995? Coding image libraries? Let's have a chat

Slackware has raced out of the blocks in 2017, issuing one patch for the libpng image library on New Year's Day, and two Mozilla patches. The libpng bug got its Common Vulnerabilities and Exposures number, CVE-2016-10087, on December 30. Slackware's announcement says the bug can't be exploited without active user input. The “unlikely sequence” of events to exploit the NULL dereference bug is as follows: first, an application load a text chunk into the png structure; second, it deletes all te...

Read more...

References

CWE-476http://www.openwall.com/lists/oss-security/2016/12/30/4http://www.openwall.com/lists/oss-security/2016/12/29/2http://www.securityfocus.com/bid/95157https://security.gentoo.org/glsa/201701-74https://usn.ubuntu.com/3712-2/https://usn.ubuntu.com/3712-1/https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799https://nvd.nist.govhttps://usn.ubuntu.com/3712-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook