CVE-2016-10087
PUBLISHED
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
Risk Scores
- EPSS Score: 0.93% (76.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | libpng | 0, 1.2.51-0ubuntu3, 1.2.54-1 |
| Ubuntu:14.04:LTS | libpng | 1.2.50-1ubuntu2, 1.2.50-1ubuntu2.14.04.1, 1.2.50-1ubuntu2.14.04.2 |
| Ubuntu:Pro:16.04:LTS | libpng1.6 | 1.6.20-2, 1.6.20-2ubuntu0.1~esm1, 1.6.20-2ubuntu0.1~esm2 |
Timeline
- Jan 30, 2017 CVE Published
- Jun 29, 2021 CVE Updated
- Feb 4, 2022 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 7, 2025 EPSS Score
- Apr 17, 2025 EPSS Score
- Apr 18, 2025 EPSS Score
- Apr 19, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-10087 third-party-advisory
- https://sourceforge.net/p/libpng/code/ci/243d4e5f3fe71740d52a53cf3dd77cc83a3430ba third-party-advisory
- https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb third-party-advisory
- https://sourceforge.net/p/libpng/code/ci/794a15fad6add4d636369d0b46f603a02995b2e2/ third-party-advisory
- http://www.openwall.com/lists/oss-security/2016/12/30/4 third-party-advisory
- https://ubuntu.com/security/notices/USN-3712-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3712-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-10087 third-party-advisory