CVE-2016-10087 — NULL Pointer Dereference in Libpng
Severity
7.5HIGHNVD
EPSS
0.9%
top 23.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 30
Latest updateOct 8
Description
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages2 packages
🔴Vulnerability Details
4📋Vendor Advisories
5📄Research Papers
1💬Community
8Bugzilla▶
CVE-2016-10087 libpng10: libpng: NULL pointer dereference in png_set_text_2() [fedora-all]↗2017-01-02
Bugzilla▶
CVE-2016-10087 libpng12: libpng: NULL pointer dereference in png_set_text_2() [fedora-all]↗2017-01-02
Bugzilla▶
CVE-2016-10087 mingw-libpng: libpng: NULL pointer dereference in png_set_text_2() [epel-7]↗2017-01-02
Bugzilla▶
CVE-2016-10087 mingw-libpng: libpng: NULL pointer dereference in png_set_text_2() [fedora-all]↗2017-01-02
Bugzilla
▶