CVE-2016-10087 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-10087 PUBLISHED

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

EPSS 0.93% · 75.9th percentile

Risk Scores

EPSS Score

0.93%

75.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	libpng	0, 1.2.51-0ubuntu3, 1.2.54-1
Ubuntu:14.04:LTS	libpng	1.2.50-1ubuntu2, 1.2.50-1ubuntu2.14.04.1, 1.2.50-1ubuntu2.14.04.2
Ubuntu:Pro:16.04:LTS	libpng1.6	0, 1.6.20-2, 1.6.20-2ubuntu0.1~esm1

Timeline

Jan 30, 2017 CVE Published
Jun 29, 2021 CVE Updated
Feb 4, 2022 EPSS Score
Mar 17, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Mar 28, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 7, 2025 EPSS Score
Apr 17, 2025 EPSS Score
Apr 18, 2025 EPSS Score
Apr 19, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2016-10087 third-party-advisory
https://sourceforge.net/p/libpng/code/ci/243d4e5f3fe71740d52a53cf3dd77cc83a3430ba third-party-advisory
https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb third-party-advisory
https://sourceforge.net/p/libpng/code/ci/794a15fad6add4d636369d0b46f603a02995b2e2/ third-party-advisory
http://www.openwall.com/lists/oss-security/2016/12/30/4 third-party-advisory
https://ubuntu.com/security/notices/USN-3712-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3712-2 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2016-10087 third-party-advisory

Open in Interactive Console →