CVE-2016-10087

Priority
Description
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before
1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27
allows context-dependent attackers to cause a NULL pointer dereference
vectors involving loading a text chunk into a png structure, removing the
text, and then adding another text chunk to the structure.
Notes
 ratliff> "has existed in libpng since version 0.71 of June 26, 1995"
 chrisccoulson> Looks like this code is #ifdef'd out of Firefox and
  Thunderbirdhidden because it's behind a PNG_TEXT_SUPPORTED define, which
  isn't enabled
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system libpng])
Trusty/esm:DNE (trusty was not-affected [uses system libpng])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system libpng)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system libpng)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (uses system libpng)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system libpng)
Ubuntu 19.10 (Eoan):not-affected (uses system libpng)
Package
Upstream:not-affected
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected)
Trusty/esm:DNE (trusty was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (1.2.46-3ubuntu4.3)
Trusty/esm:released (1.2.50-1ubuntu2.14.04.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.2.54-1ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (1.6.27-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Trusty/esm:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.6.27-1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (1.6.27-1)
Ubuntu 19.04 (Disco Dingo):not-affected (1.6.27-1)
Ubuntu 19.10 (Eoan):not-affected (1.6.27-1)
Package
Upstream:not-affected
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected)
Trusty/esm:DNE (trusty was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
More Information

Updated: 2019-04-26 14:16:17 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)