CVE-2016-10087

Published: 30 January 2017

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(uses system libpng)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(uses system libpng)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(uses system libpng)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(uses system libpng)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [uses system libpng])
firefox
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
libpng
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Released (1.2.54-1ubuntu1.1)
Ubuntu 14.04 ESM (Trusty Tahr) Released (1.2.50-1ubuntu2.14.04.3)
libpng1.6
Launchpad, Ubuntu, Debian
Upstream Released (1.6.27-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1.6.27-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1.6.27-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.6.27-1)
Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

thunderbird
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)