Vulnerabilities > CVE-2016-10087 - NULL Pointer Dereference vulnerability in Libpng

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
libpng
CWE-476
nessus

Summary

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

Vulnerable Configurations

Part Description Count
Application
Libpng
250

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2016-365-01.NASL
    descriptionNew libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id96179
    published2017-01-03
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96179
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libpng (SSA:2016-365-01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2016-365-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96179);
      script_version("$Revision: 3.2 $");
      script_cvs_date("$Date: 2017/09/21 13:38:14 $");
    
      script_cve_id("CVE-2016-10087");
      script_xref(name:"SSA", value:"2016-365-01");
    
      script_name(english:"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libpng (SSA:2016-365-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New libpng packages are available for Slackware 13.0, 13.1, 13.37,
    14.0, 14.1, 14.2, and -current to fix a security issue."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.567619
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2a599f8f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpng package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:libpng");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"13.0", pkgname:"libpng", pkgver:"1.2.57", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++;
    if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"libpng", pkgver:"1.2.57", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++;
    
    if (slackware_check(osver:"13.1", pkgname:"libpng", pkgver:"1.4.20", pkgarch:"i486", pkgnum:"1_slack13.1")) flag++;
    if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"libpng", pkgver:"1.4.20", pkgarch:"x86_64", pkgnum:"1_slack13.1")) flag++;
    
    if (slackware_check(osver:"13.37", pkgname:"libpng", pkgver:"1.4.20", pkgarch:"i486", pkgnum:"1_slack13.37")) flag++;
    if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"libpng", pkgver:"1.4.20", pkgarch:"x86_64", pkgnum:"1_slack13.37")) flag++;
    
    if (slackware_check(osver:"14.0", pkgname:"libpng", pkgver:"1.4.20", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
    if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"libpng", pkgver:"1.4.20", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;
    
    if (slackware_check(osver:"14.1", pkgname:"libpng", pkgver:"1.4.20", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"libpng", pkgver:"1.4.20", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;
    
    if (slackware_check(osver:"14.2", pkgname:"libpng", pkgver:"1.6.27", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"libpng", pkgver:"1.6.27", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"libpng", pkgver:"1.6.27", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"libpng", pkgver:"1.6.27", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1951.NASL
    descriptionAccording to the versions of the libpng package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.(CVE-2016-10087) - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2017-12652) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128954
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128954
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : libpng (EulerOS-SA-2019-1951)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-441.NASL
    descriptionThis update for libpng12 fixes the following issues : Security issues fixed : - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-04-06
    plugin id99211
    published2017-04-06
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/99211
    titleopenSUSE Security Update : libpng12 (openSUSE-2017-441)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1810.NASL
    descriptionAccording to the version of the libpng packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.(CVE-2016-10087) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-08-23
    plugin id128102
    published2019-08-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128102
    titleEulerOS 2.0 SP5 : libpng (EulerOS-SA-2019-1810)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-1A7E14D084.NASL
    descriptionThis update fixes an old NULL pointer dereference bug in png_set_text_2() discovered and patched by Patrick Keshishian (CVE-2016-10087). The potential
    last seen2020-06-05
    modified2017-01-10
    plugin id96350
    published2017-01-10
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96350
    titleFedora 24 : libpng10 (2016-1a7e14d084)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-BAD9942E42.NASL
    description - Update to upstream release **1.2.57**. - Fixes **CVE-2016-10087**. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-04-17
    plugin id99416
    published2017-04-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99416
    titleFedora 25 : libpng12 (2017-bad9942e42)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-A4B06A036B.NASL
    descriptionThis update fixes an old NULL pointer dereference bug in png_set_text_2() discovered and patched by Patrick Keshishian (CVE-2016-10087). The potential
    last seen2020-06-05
    modified2017-01-10
    plugin id96353
    published2017-01-10
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96353
    titleFedora 25 : libpng10 (2016-a4b06a036b)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-1D305FA070.NASL
    description - Update to upstream release **1.2.57**. - Fixes **CVE-2016-10087**. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-17
    plugin id101582
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101582
    titleFedora 26 : libpng12 (2017-1d305fa070)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3712-1.NASL
    descriptionPatrick Keshishian discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10087) Thuan Pham discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-13785). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111040
    published2018-07-12
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111040
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : libpng, libpng1.6 vulnerabilities (USN-3712-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1117.NASL
    descriptionAccording to the version of the libpng packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.(CVE-2016-10087) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-02
    plugin id123591
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123591
    titleEulerOS 2.0 SP2 : libpng (EulerOS-SA-2019-1117)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0853-1.NASL
    descriptionThis update for libpng16 fixes the following issues: Security issues fixed : - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id99085
    published2017-03-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99085
    titleSUSE SLED12 / SLES12 Security Update : libpng16 (SUSE-SU-2017:0853-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-443.NASL
    descriptionThis update for libpng16 fixes the following issues : Security issues fixed : - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-04-06
    plugin id99213
    published2017-04-06
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/99213
    titleopenSUSE Security Update : libpng16 (openSUSE-2017-443)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-84BC8AC268.NASL
    description - Update to upstream release **1.2.57**. - Fixes **CVE-2016-10087**. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-04-17
    plugin id99412
    published2017-04-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99412
    titleFedora 24 : libpng12 (2017-84bc8ac268)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-66FD940572.NASL
    description - Update to upstream release **1.5.28**. - Fixes **CVE-2016-10087**. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-04-13
    plugin id99319
    published2017-04-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99319
    titleFedora 24 : libpng15 (2017-66fd940572)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-CF1944F480.NASL
    description - Update to upstream release **1.5.28**. - Fixes **CVE-2016-10087**. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-04-13
    plugin id99322
    published2017-04-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99322
    titleFedora 25 : libpng15 (2017-cf1944f480)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0860-1.NASL
    descriptionThis update for libpng12 fixes the following issues: Security issues fixed : - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id99088
    published2017-03-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99088
    titleSUSE SLED12 / SLES12 Security Update : libpng12 (SUSE-SU-2017:0860-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0950-1.NASL
    descriptionThis update for libpng15 fixes the following issues: Security issues fixed : - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id99243
    published2017-04-07
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99243
    titleSUSE SLED12 / SLES12 Security Update : libpng15 (SUSE-SU-2017:0950-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-477.NASL
    descriptionThis update for libpng15 fixes the following issues : Security issues fixed : - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-05
    modified2017-04-18
    plugin id99428
    published2017-04-18
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/99428
    titleopenSUSE Security Update : libpng15 (openSUSE-2017-477)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0901-1.NASL
    descriptionThis update for libpng12-0 fixes the following issues: Security issues fixed : - CVE-2015-8540: read underflow in libpng (bsc#958791) - CVE-2016-10087: NULL pointer dereference in png_set_text_2() (bsc#1017646) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id99165
    published2017-04-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99165
    titleSUSE SLES11 Security Update : libpng12-0 (SUSE-SU-2017:0901-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1307.NASL
    descriptionAccording to the version of the libpng packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.(CVE-2016-10087) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-05-01
    plugin id124434
    published2019-05-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124434
    titleEulerOS 2.0 SP3 : libpng (EulerOS-SA-2019-1307)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-74.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-74 (libpng: Remote execution of arbitrary code) A NULL pointer dereference was discovered in libpng in the png_push_save_buffer function. In order to be vulnerable, an application has to load a text chunk into the PNG structure, then delete all text, then add another text chunk to the same PNG structure, which seems to be an unlikely sequence, but it is possible. Impact : A remote attacker, by enticing a user to process a specially crafted PNG file, could execute arbitrary code with the privileges of the process. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96860
    published2017-01-30
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96860
    titleGLSA-201701-74 : libpng: Remote execution of arbitrary code