New issue
Advanced search Search tips

Issue 697395 link

Starred by 1 user
Status: Duplicate
Merged: issue 697394
Owner: ----
Closed: Mar 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug-Security



Sign in to add a comment

Chromium: Vulnerability reported in libpng

Project Member Reported by vomit.go...@appspot.gserviceaccount.com, Mar 1 2017 
Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: libpng
Package Version: [cpe:/a:libpng:libpng:1.2.45]

Advisory: CVE-2016-10087
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-10087
  CVSS severity score: 5/10.0
  Confidence: high
  Description:

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

Comment 1 by vakh@chromium.org, Mar 1 2017

Mergedinto: 697394
Status: Duplicate (was: Unconfirmed)
Project Member

Comment 2 by sheriffbot@chromium.org, Aug 27 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment