ID FEDORA:622CE6075B35 Type fedora Reporter Fedora Modified 2017-01-07T21:50:49
Description
The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x.
{"id": "FEDORA:622CE6075B35", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 25 Update: libpng10-1.0.67-1.fc25", "description": "The libpng10 package contains an old version of libpng, a library of functi ons for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamic ally with libpng 1.0.x. ", "published": "2017-01-07T21:50:49", "modified": "2017-01-07T21:50:49", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2016-10087"], "lastseen": "2020-12-21T08:17:53", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-10087"]}, {"type": "fedora", "idList": ["FEDORA:733E460478DA", "FEDORA:EA5B8605E178", "FEDORA:D67936075EEE", "FEDORA:12EF860620E5", "FEDORA:4E5E4608B7EA", "FEDORA:5F70B6079A15"]}, {"type": "archlinux", "idList": ["ASA-201701-4", "ASA-201701-2", "ASA-201701-5", "ASA-201701-6"]}, {"type": "slackware", "idList": ["SSA-2016-365-01"]}, {"type": "gentoo", "idList": ["GLSA-201701-74"]}, {"type": "ubuntu", "idList": ["USN-3712-1", "USN-3712-2"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872570", "OPENVAS:1361412562310872563", "OPENVAS:1361412562310872564", "OPENVAS:1361412562311220191117", "OPENVAS:1361412562310872247", "OPENVAS:1361412562310872573", "OPENVAS:1361412562310872230", "OPENVAS:1361412562311220191951", "OPENVAS:1361412562311220191810", "OPENVAS:1361412562311220191307"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-1117.NASL", "FEDORA_2017-1D305FA070.NASL", "EULEROS_SA-2019-1307.NASL", "GENTOO_GLSA-201701-74.NASL", "SLACKWARE_SSA_2016-365-01.NASL", "OPENSUSE-2017-443.NASL", "FEDORA_2017-84BC8AC268.NASL", "FEDORA_2016-A4B06A036B.NASL", "FEDORA_2017-BAD9942E42.NASL", "FEDORA_2016-1A7E14D084.NASL"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:5EFB3C0BFEF3ED0FAC75ED9EF0994C4E"]}], 
"modified": "2020-12-21T08:17:53", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2020-12-21T08:17:53", "rev": 2}, "vulnersScore": 5.1}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "25", "arch": "any", "packageName": "libpng10", "packageVersion": "1.0.67", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2020-10-03T12:10:39", "description": "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-01-30T22:59:00", "title": "CVE-2016-10087", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10087"], "modified": "2018-07-13T01:29:00", "cpe": ["cpe:/a:libpng:libpng:0.99e", "cpe:/a:libpng:libpng:1.0.5q", "cpe:/a:libpng:libpng:0.96", "cpe:/a:libpng:libpng:1.0.6g", "cpe:/a:libpng:libpng:1.2.26", "cpe:/a:libpng:libpng:1.0.33", "cpe:/a:libpng:libpng:1.2.16", "cpe:/a:libpng:libpng:1.0.60", "cpe:/a:libpng:libpng:1.0.11", "cpe:/a:libpng:libpng:1.0.1d", "cpe:/a:libpng:libpng:1.0.5l", "cpe:/a:libpng:libpng:1.0.41", "cpe:/a:libpng:libpng:1.0.51", "cpe:/a:libpng:libpng:1.4.15", "cpe:/a:libpng:libpng:1.2.22", 
"cpe:/a:libpng:libpng:1.0.19", "cpe:/a:libpng:libpng:1.5.0", "cpe:/a:libpng:libpng:1.0.65", "cpe:/a:libpng:libpng:1.5.19", "cpe:/a:libpng:libpng:1.0.2a", "cpe:/a:libpng:libpng:1.5.12", "cpe:/a:libpng:libpng:1.2.13", "cpe:/a:libpng:libpng:1.5.11", "cpe:/a:libpng:libpng:0.99g", "cpe:/a:libpng:libpng:1.0.5r", "cpe:/a:libpng:libpng:1.0.4b", "cpe:/a:libpng:libpng:1.0.58", "cpe:/a:libpng:libpng:1.0.23", "cpe:/a:libpng:libpng:1.0.31", "cpe:/a:libpng:libpng:0.99b", "cpe:/a:libpng:libpng:1.0.16", "cpe:/a:libpng:libpng:1.6.22", "cpe:/a:libpng:libpng:1.0.5p", "cpe:/a:libpng:libpng:1.0.6i", "cpe:/a:libpng:libpng:1.0.0b", "cpe:/a:libpng:libpng:1.6.6", "cpe:/a:libpng:libpng:1.6.24", "cpe:/a:libpng:libpng:1.6.1", "cpe:/a:libpng:libpng:1.2.24", "cpe:/a:libpng:libpng:1.2.54", "cpe:/a:libpng:libpng:1.4.19", "cpe:/a:libpng:libpng:1.0.5d", "cpe:/a:libpng:libpng:1.0.6h", "cpe:/a:libpng:libpng:1.0.32", "cpe:/a:libpng:libpng:0.88", "cpe:/a:libpng:libpng:1.0.3a", "cpe:/a:libpng:libpng:1.0.20", "cpe:/a:libpng:libpng:1.0.4", "cpe:/a:libpng:libpng:1.0.45", "cpe:/a:libpng:libpng:0.95", "cpe:/a:libpng:libpng:1.6.3", "cpe:/a:libpng:libpng:1.5.9", "cpe:/a:libpng:libpng:1.2.33", "cpe:/a:libpng:libpng:1.0.22", "cpe:/a:libpng:libpng:1.2.6", "cpe:/a:libpng:libpng:0.99c", "cpe:/a:libpng:libpng:1.0.5m", "cpe:/a:libpng:libpng:1.2.47", "cpe:/a:libpng:libpng:1.0.6", "cpe:/a:libpng:libpng:1.2.39", "cpe:/a:libpng:libpng:0.71", "cpe:/a:libpng:libpng:1.0.14", "cpe:/a:libpng:libpng:1.0.27", "cpe:/a:libpng:libpng:1.2.56", "cpe:/a:libpng:libpng:1.6.11", "cpe:/a:libpng:libpng:1.2.53", "cpe:/a:libpng:libpng:1.0.5v", "cpe:/a:libpng:libpng:1.0.46", "cpe:/a:libpng:libpng:0.97", "cpe:/a:libpng:libpng:1.0.24", "cpe:/a:libpng:libpng:1.0.4f", "cpe:/a:libpng:libpng:1.0.4a", "cpe:/a:libpng:libpng:1.0.9", "cpe:/a:libpng:libpng:1.0.6f", "cpe:/a:libpng:libpng:1.2.4", "cpe:/a:libpng:libpng:1.2.27", "cpe:/a:libpng:libpng:1.2.21", "cpe:/a:libpng:libpng:1.0.48", "cpe:/a:libpng:libpng:1.4.10", "cpe:/a:libpng:libpng:1.2.1", 
"cpe:/a:libpng:libpng:0.89", "cpe:/a:libpng:libpng:1.5.20", "cpe:/a:libpng:libpng:1.0.6e", "cpe:/a:libpng:libpng:1.0.0a", "cpe:/a:libpng:libpng:0.89c", "cpe:/a:libpng:libpng:1.2.14", "cpe:/a:libpng:libpng:1.2.52", "cpe:/a:libpng:libpng:1.0.5b", "cpe:/a:libpng:libpng:1.0.64", "cpe:/a:libpng:libpng:1.6.17", "cpe:/a:libpng:libpng:1.5.13", "cpe:/a:libpng:libpng:1.0.5", "cpe:/a:libpng:libpng:1.5.6", "cpe:/a:libpng:libpng:1.4.18", "cpe:/a:libpng:libpng:1.2.32", "cpe:/a:libpng:libpng:1.4.16", "cpe:/a:libpng:libpng:1.0.55", "cpe:/a:libpng:libpng:1.6.26", "cpe:/a:libpng:libpng:0.87", "cpe:/a:libpng:libpng:1.4.2", "cpe:/a:libpng:libpng:1.5.24", "cpe:/a:libpng:libpng:1.6.7", "cpe:/a:libpng:libpng:1.00", "cpe:/a:libpng:libpng:1.0.52", "cpe:/a:libpng:libpng:1.6.15", "cpe:/a:libpng:libpng:1.2.51", "cpe:/a:libpng:libpng:1.4.0", "cpe:/a:libpng:libpng:1.2.35", "cpe:/a:libpng:libpng:1.0.3b", "cpe:/a:libpng:libpng:1.6.4", "cpe:/a:libpng:libpng:1.5.8", "cpe:/a:libpng:libpng:1.4.12", "cpe:/a:libpng:libpng:1.2.3", "cpe:/a:libpng:libpng:1.2.37", "cpe:/a:libpng:libpng:1.0.5f", "cpe:/a:libpng:libpng:1.0.66", "cpe:/a:libpng:libpng:1.0.53", "cpe:/a:libpng:libpng:1.0.4e", "cpe:/a:libpng:libpng:1.6.21", "cpe:/a:libpng:libpng:1.2.20", "cpe:/a:libpng:libpng:1.2.8", "cpe:/a:libpng:libpng:1.4.7", "cpe:/a:libpng:libpng:1.0.3", "cpe:/a:libpng:libpng:1.0.43", "cpe:/a:libpng:libpng:0.8", "cpe:/a:libpng:libpng:1.4.14", "cpe:/a:libpng:libpng:1.0.28", "cpe:/a:libpng:libpng:1.2.25", "cpe:/a:libpng:libpng:1.4.3", "cpe:/a:libpng:libpng:1.0.34", "cpe:/a:libpng:libpng:1.0.3d", "cpe:/a:libpng:libpng:1.4.4", "cpe:/a:libpng:libpng:1.0.15", "cpe:/a:libpng:libpng:1.0.61", "cpe:/a:libpng:libpng:0.81", "cpe:/a:libpng:libpng:0.99", "cpe:/a:libpng:libpng:0.98", "cpe:/a:libpng:libpng:1.0.5k", "cpe:/a:libpng:libpng:1.5.16", "cpe:/a:libpng:libpng:1.5.5", "cpe:/a:libpng:libpng:1.5.2", "cpe:/a:libpng:libpng:1.4.8", "cpe:/a:libpng:libpng:0.99f", "cpe:/a:libpng:libpng:1.2.45", "cpe:/a:libpng:libpng:1.0.1c", 
"cpe:/a:libpng:libpng:1.2.42", "cpe:/a:libpng:libpng:1.5.18", "cpe:/a:libpng:libpng:1.0.1b", "cpe:/a:libpng:libpng:1.0.0", "cpe:/a:libpng:libpng:1.0.29", "cpe:/a:libpng:libpng:1.0.5n", "cpe:/a:libpng:libpng:1.4.9", "cpe:/a:libpng:libpng:1.5.25", "cpe:/a:libpng:libpng:0.90", "cpe:/a:libpng:libpng:1.0.5s", "cpe:/a:libpng:libpng:1.6.5", "cpe:/a:libpng:libpng:1.0.54", "cpe:/a:libpng:libpng:1.0.30", "cpe:/a:libpng:libpng:1.0.6j", "cpe:/a:libpng:libpng:1.2.10", "cpe:/a:libpng:libpng:1.0.38", "cpe:/a:libpng:libpng:1.5.26", "cpe:/a:libpng:libpng:1.5.23", "cpe:/a:libpng:libpng:1.6.2", "cpe:/a:libpng:libpng:1.2.55", "cpe:/a:libpng:libpng:1.0.7", "cpe:/a:libpng:libpng:1.0.47", "cpe:/a:libpng:libpng:1.0.59", "cpe:/a:libpng:libpng:1.0.2", "cpe:/a:libpng:libpng:1.2.44", "cpe:/a:libpng:libpng:1.6.16", "cpe:/a:libpng:libpng:1.0.10", "cpe:/a:libpng:libpng:1.5.27", "cpe:/a:libpng:libpng:1.5.1", "cpe:/a:libpng:libpng:1.6.23", "cpe:/a:libpng:libpng:1.5.14", "cpe:/a:libpng:libpng:1.0.35", "cpe:/a:libpng:libpng:1.5.22", "cpe:/a:libpng:libpng:1.0.5e", "cpe:/a:libpng:libpng:1.5.15", "cpe:/a:libpng:libpng:1.6.20", "cpe:/a:libpng:libpng:1.0.39", "cpe:/a:libpng:libpng:1.6.12", "cpe:/a:libpng:libpng:0.99d", "cpe:/a:libpng:libpng:1.5.10", "cpe:/a:libpng:libpng:1.0.63", "cpe:/a:libpng:libpng:1.6.8", "cpe:/a:libpng:libpng:1.6.13", "cpe:/a:libpng:libpng:1.6.9", "cpe:/a:libpng:libpng:1.0.1e", "cpe:/a:libpng:libpng:1.0.42", "cpe:/a:libpng:libpng:1.2.46", "cpe:/a:libpng:libpng:1.0.5i", "cpe:/a:libpng:libpng:1.0.5j", "cpe:/a:libpng:libpng:1.6.19", "cpe:/a:libpng:libpng:1.0.21", "cpe:/a:libpng:libpng:1.0.4c", "cpe:/a:libpng:libpng:1.4.13", "cpe:/a:libpng:libpng:1.0.5a", "cpe:/a:libpng:libpng:1.0.37", "cpe:/a:libpng:libpng:1.6.14", "cpe:/a:libpng:libpng:1.0.56", "cpe:/a:libpng:libpng:0.86", "cpe:/a:libpng:libpng:1.0.8", "cpe:/a:libpng:libpng:1.4.6", "cpe:/a:libpng:libpng:1.0.5g", "cpe:/a:libpng:libpng:0.99h", "cpe:/a:libpng:libpng:1.5.17", "cpe:/a:libpng:libpng:1.4.11", "cpe:/a:libpng:libpng:1.2.12", 
"cpe:/a:libpng:libpng:1.0.5h", "cpe:/a:libpng:libpng:1.4.1", "cpe:/a:libpng:libpng:1.0.50", "cpe:/a:libpng:libpng:1.2.38", "cpe:/a:libpng:libpng:1.0.6d", "cpe:/a:libpng:libpng:1.6.0", "cpe:/a:libpng:libpng:1.0.5u", "cpe:/a:libpng:libpng:1.5.7", "cpe:/a:libpng:libpng:1.0.5c", "cpe:/a:libpng:libpng:1.0.1a", "cpe:/a:libpng:libpng:1.0.5o", "cpe:/a:libpng:libpng:1.0.4d", "cpe:/a:libpng:libpng:1.0.25", "cpe:/a:libpng:libpng:1.0.57", "cpe:/a:libpng:libpng:1.0.62", "cpe:/a:libpng:libpng:1.0.13", "cpe:/a:libpng:libpng:1.0.5t", "cpe:/a:libpng:libpng:1.2.41", "cpe:/a:libpng:libpng:1.6.10", "cpe:/a:libpng:libpng:1.0.12", "cpe:/a:libpng:libpng:1.5.3", "cpe:/a:libpng:libpng:1.4.5", "cpe:/a:libpng:libpng:0.82", "cpe:/a:libpng:libpng:1.5.4", "cpe:/a:libpng:libpng:1.0.18", "cpe:/a:libpng:libpng:1.2.29", "cpe:/a:libpng:libpng:1.2.18", "cpe:/a:libpng:libpng:1.2.0", "cpe:/a:libpng:libpng:1.0.44", "cpe:/a:libpng:libpng:0.99a", "cpe:/a:libpng:libpng:1.0.26", "cpe:/a:libpng:libpng:1.5.21", "cpe:/a:libpng:libpng:1.6.18", "cpe:/a:libpng:libpng:1.4.17", "cpe:/a:libpng:libpng:1.6.25", "cpe:/a:libpng:libpng:1.0.1", "cpe:/a:libpng:libpng:1.2.50", "cpe:/a:libpng:libpng:1.0.17", "cpe:/a:libpng:libpng:0.85", "cpe:/a:libpng:libpng:1.0.40"], "id": "CVE-2016-10087", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10087", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.56:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5c:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.89:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5k:*:*:*:*:*:*:*", 
"cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.98:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.1b:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.23:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5o:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.4a:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.6h:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.58:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.82:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.1c:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.45:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.18:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.99c:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.20:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.81:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.1e:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.59:*:*:*:*:*:*:*", 
"cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.4c:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.66:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5h:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.4f:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.3a:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.6d:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.17:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.56:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.55:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.96:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.99d:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5i:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.24:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.0a:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.57:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5b:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.2a:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.6j:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.6e:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.19:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5d:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.63:*:*:*:*:*:*:*", 
"cpe:2.3:a:libpng:libpng:1.0.62:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.4b:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.99g:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.99h:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5l:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.3b:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.53:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.99e:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5f:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.6f:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.61:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5u:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.1d:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.60:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*", 
"cpe:2.3:a:libpng:libpng:0.99f:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5s:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5r:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5t:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.6g:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.4d:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.25:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.65:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.89c:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.86:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5a:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.99a:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.21:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5e:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5n:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.43:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5g:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.16:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.71:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.44:*:*:*:*:*:*:*", 
"cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.18:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.50:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5j:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.46:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5p:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.55:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.99b:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.6i:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.42:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.48:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.99:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.22:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.54:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.51:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*", 
"cpe:2.3:a:libpng:libpng:1.0.5q:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.3d:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.87:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.0b:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.97:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.47:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.88:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5m:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.40:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.85:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.4e:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.52:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.5v:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.6.26:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*"]}], "archlinux": [{"lastseen": "2020-09-22T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10087"], "description": "Arch Linux Security Advisory ASA-201701-5\n=========================================\n\nSeverity: Low\nDate : 2017-01-02\nCVE-ID : CVE-2016-10087\nPackage : lib32-libpng\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-120\n\nSummary\n=======\n\nThe package lib32-libpng before version 1.6.27-1 is vulnerable to\ndenial of 
service.\n\nResolution\n==========\n\nUpgrade to 1.6.27-1.\n\n# pacman -Syu \"lib32-libpng>=1.6.27-1\"\n\nThe problem has been fixed upstream in version 1.6.27.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA NULL-pointer dereference issue has been found in png_set_text_2() in\nlibpng. To be vulnerable, an application has to load a text chunk into\nthe png structure, then delete all text, then add another text chunk to\nthe same png structure.\n\nImpact\n======\n\nA remote attacker is able to crash the application under certain\ncircumstances.\n\nReferences\n==========\n\nhttp://seclists.org/oss-sec/2016/q4/782\nhttps://security.archlinux.org/CVE-2016-10087", "modified": "2017-01-02T00:00:00", "published": "2017-01-02T00:00:00", "id": "ASA-201701-5", "href": "https://security.archlinux.org/ASA-201701-5", "type": "archlinux", "title": "[ASA-201701-5] lib32-libpng: denial of service", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-22T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10087"], "description": "Arch Linux Security Advisory ASA-201701-6\n=========================================\n\nSeverity: Low\nDate : 2017-01-02\nCVE-ID : CVE-2016-10087\nPackage : lib32-libpng12\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-121\n\nSummary\n=======\n\nThe package lib32-libpng12 before version 1.2.57-1 is vulnerable to\ndenial of service.\n\nResolution\n==========\n\nUpgrade to 1.2.57-1.\n\n# pacman -Syu \"lib32-libpng12>=1.2.57-1\"\n\nThe problem has been fixed upstream in version 1.2.57.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA NULL-pointer dereference issue has been found in png_set_text_2() in\nlibpng. 
To be vulnerable, an application has to load a text chunk into\nthe png structure, then delete all text, then add another text chunk to\nthe same png structure.\n\nImpact\n======\n\nA remote attacker is able to crash the application under certain\ncircumstances.\n\nReferences\n==========\n\nhttp://seclists.org/oss-sec/2016/q4/782\nhttps://security.archlinux.org/CVE-2016-10087", "modified": "2017-01-02T00:00:00", "published": "2017-01-02T00:00:00", "id": "ASA-201701-6", "href": "https://security.archlinux.org/ASA-201701-6", "type": "archlinux", "title": "[ASA-201701-6] lib32-libpng12: denial of service", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-22T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10087"], "description": "Arch Linux Security Advisory ASA-201701-2\n=========================================\n\nSeverity: Low\nDate : 2017-01-01\nCVE-ID : CVE-2016-10087\nPackage : libpng\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-119\n\nSummary\n=======\n\nThe package libpng before version 1.6.27-1 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 1.6.27-1.\n\n# pacman -Syu \"libpng>=1.6.27-1\"\n\nThe problem has been fixed upstream in version 1.6.27.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA NULL-pointer dereference issue has been found in png_set_text_2() in\nlibpng <= 1.6.26 and >= 0.71. 
To be vulnerable, an application has to\nload a text chunk into the png structure, then delete all text, then\nadd another text chunk to the same png structure.\n\nImpact\n======\n\nA remote attacker is able to crash the application under certain\ncircumstances.\n\nReferences\n==========\n\nhttp://seclists.org/oss-sec/2016/q4/782\nhttps://security.archlinux.org/CVE-2016-10087", "modified": "2017-01-01T00:00:00", "published": "2017-01-01T00:00:00", "id": "ASA-201701-2", "href": "https://security.archlinux.org/ASA-201701-2", "type": "archlinux", "title": "[ASA-201701-2] libpng: denial of service", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-22T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10087"], "description": "Arch Linux Security Advisory ASA-201701-4\n=========================================\n\nSeverity: Low\nDate : 2017-01-02\nCVE-ID : CVE-2016-10087\nPackage : libpng12\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-122\n\nSummary\n=======\n\nThe package libpng12 before version 1.2.57-1 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 1.2.57-1.\n\n# pacman -Syu \"libpng12>=1.2.57-1\"\n\nThe problem has been fixed upstream in version 1.2.57.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA NULL-pointer dereference issue has been found in png_set_text_2() in\nlibpng. 
To be vulnerable, an application has to load a text chunk into\nthe png structure, then delete all text, then add another text chunk to\nthe same png structure.\n\nImpact\n======\n\nA remote attacker is able to crash the application under certain\ncircumstances.\n\nReferences\n==========\n\nhttp://seclists.org/oss-sec/2016/q4/782\nhttps://security.archlinux.org/CVE-2016-10087", "modified": "2017-01-02T00:00:00", "published": "2017-01-02T00:00:00", "id": "ASA-201701-4", "href": "https://security.archlinux.org/ASA-201701-4", "type": "archlinux", "title": "[ASA-201701-4] libpng12: denial of service", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:35:59", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10087"], "description": "New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/libpng-1.6.27-i586-1_slack14.2.txz: Upgraded.\n This release fixes an old NULL pointer dereference bug in png_set_text_2()\n discovered and patched by Patrick Keshishian. The potential \"NULL\n dereference\" bug has existed in libpng since version 0.71 of June 26, 1995.\n To be vulnerable, an application has to load a text chunk into the png\n structure, then delete all text, then add another text chunk to the same\n png structure, which seems to be an unlikely sequence, but it has happened.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libpng-1.2.57-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libpng-1.2.57-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libpng-1.4.20-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libpng-1.4.20-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libpng-1.4.20-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libpng-1.4.20-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libpng-1.4.20-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libpng-1.4.20-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libpng-1.4.20-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libpng-1.4.20-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpng-1.6.27-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpng-1.6.27-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware 
-current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.27-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.27-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\nf26b0d28dce4a534c636686d65ca2bca libpng-1.2.57-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n3db9e1e834935c94c218b4611b2d54af libpng-1.2.57-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\ne6006925ff5e15d555548a917f89f0b7 libpng-1.4.20-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n2ca4cc7af20955b24d7848cc4837ec77 libpng-1.4.20-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n130b69e8f87408467e43562e47568005 libpng-1.4.20-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n2a9aeeebb3d048cef35bee237adef15b libpng-1.4.20-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\ncadeb289370ae522b7e9b89e6ca0f9ef libpng-1.4.20-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\na79cbfdc52b5fbf0a9c6bb224f7e8b78 libpng-1.4.20-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nc706d0ab66ee2ef36570daf8f6bddd0a libpng-1.4.20-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n0dab89c2e0203c5d81f99d53a83adf76 libpng-1.4.20-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nac7062bd6e0ab681c003edac12be9d78 libpng-1.6.27-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n26cd876c9156c6cff5d9070c2200b19a libpng-1.6.27-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n3d1b8ba951c04d9ae8febf16e76521e7 l/libpng-1.6.27-i586-1.txz\n\nSlackware x86_64 -current package:\nf8ee6e92995328b271b20d436734ecac l/libpng-1.6.27-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg libpng-1.6.27-i586-1_slack14.2.txz", "modified": "2016-12-30T19:37:21", "published": "2016-12-30T19:37:21", "id": "SSA-2016-365-01", "href": 
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.567619", "type": "slackware", "title": "[slackware-security] libpng", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2017-01-29T18:59:38", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10087"], "edition": 1, "description": "### Background\n\nlibpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes. \n\n### Description\n\nA null pointer dereference was discovered in libpng in the png_push_save_buffer function. In order to be vulnerable, an application has to load a text chunk into the PNG structure, then delete all text, then add another text chunk to the same PNG structure, which seems to be an unlikely sequence, but it is possible. \n\n### Impact\n\nA remote attacker, by enticing a user to process a specially crafted PNG file, could execute arbitrary code with the privileges of the process. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libpng 1.6.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libpng-1.6.27\"\n \n\nAll libpng 1.5.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libpng-1.5.28:1.5\"\n \n\nAll libpng 1.2.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libpng-1.2.57:1.2\"", "modified": "2017-01-29T00:00:00", "published": "2017-01-29T00:00:00", "href": "https://security.gentoo.org/glsa/201701-74", "id": "GLSA-201701-74", "type": "gentoo", "title": "libpng: Remote execution of arbitrary code", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:16", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10087"], "description": "USN-3712-1 fixed a vulnerability in libpng. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nPatrick Keshishian discovered that libpng incorrectly handled certain PNG files. \nAn attacker could possibly use this to cause a denial of service.", "edition": 6, "modified": "2018-07-11T00:00:00", "published": "2018-07-11T00:00:00", "id": "USN-3712-2", "href": "https://ubuntu.com/security/notices/USN-3712-2", "title": "libpng vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:40:43", "bulletinFamily": "unix", "cvelist": ["CVE-2018-13785", "CVE-2016-10087"], "description": "Patrick Keshishian discovered that libpng incorrectly handled certain PNG files. \nAn attacker could possibly use this to cause a denial of service. This issue \nonly affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10087)\n\nThuan Pham discovered that libpng incorrectly handled certain PNG files. 
\nAn attacker could possibly use this to cause a denial of service. \nThis issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. \n(CVE-2018-13785)", "edition": 5, "modified": "2018-07-11T00:00:00", "published": "2018-07-11T00:00:00", "id": "USN-3712-1", "href": "https://ubuntu.com/security/notices/USN-3712-1", "title": "libpng vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-04-16T00:00:00", "id": "OPENVAS:1361412562310872573", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872573", "type": "openvas", "title": "Fedora Update for libpng12 FEDORA-2017-bad9942e42", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng12 FEDORA-2017-bad9942e42\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872573\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-16 06:47:59 +0200 (Sun, 16 Apr 2017)\");\n script_cve_id(\"CVE-2016-10087\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libpng12 FEDORA-2017-bad9942e42\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng12'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libpng12 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-bad9942e42\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LR427SBPDIWELBTOQ23GF2NV2JHUKHUX\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng12\", rpm:\"libpng12~1.2.57~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-04-13T00:00:00", "id": "OPENVAS:1361412562310872564", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872564", "type": "openvas", "title": "Fedora Update for libpng15 FEDORA-2017-cf1944f480", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng15 FEDORA-2017-cf1944f480\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872564\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-13 06:54:59 +0200 (Thu, 13 Apr 2017)\");\n script_cve_id(\"CVE-2016-10087\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libpng15 FEDORA-2017-cf1944f480\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng15'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libpng15 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-cf1944f480\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XQU6JO22U3D2SKLEDSJU5WKZOLPO6BR\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng15\", rpm:\"libpng15~1.5.28~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-01-10T00:00:00", "id": "OPENVAS:1361412562310872230", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872230", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2016-1a7e14d084", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2016-1a7e14d084\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872230\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-10 05:52:12 +0100 (Tue, 10 Jan 2017)\");\n script_cve_id(\"CVE-2016-10087\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libpng10 FEDORA-2016-1a7e14d084\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng10'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libpng10 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-1a7e14d084\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AF54CK3Z4MK2I65X7IVPNIXOEZD6VLCD\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.67~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-04-13T00:00:00", "id": "OPENVAS:1361412562310872563", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872563", "type": "openvas", "title": "Fedora Update for libpng15 FEDORA-2017-66fd940572", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng15 FEDORA-2017-66fd940572\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872563\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-13 06:54:56 +0200 (Thu, 13 Apr 2017)\");\n script_cve_id(\"CVE-2016-10087\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libpng15 FEDORA-2017-66fd940572\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng15'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libpng15 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-66fd940572\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45S22E44ZKJLM4JXICAGDJCSVZLLOYRI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng15\", rpm:\"libpng15~1.5.28~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:37:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191810", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191810", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2019-1810)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1810\");\n script_version(\"2020-01-23T12:23:33+0000\");\n script_cve_id(\"CVE-2016-10087\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:23:33 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:23:33 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2019-1810)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1810\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1810\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libpng' package(s) announced via the EulerOS-SA-2019-1810 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing 
the text, and then adding another text chunk to the structure.(CVE-2016-10087)\");\n\n script_tag(name:\"affected\", value:\"'libpng' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.5.13~7.1.h3.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.5.13~7.1.h3.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-04-16T00:00:00", "id": "OPENVAS:1361412562310872570", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872570", "type": "openvas", "title": "Fedora Update for libpng12 FEDORA-2017-84bc8ac268", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng12 FEDORA-2017-84bc8ac268\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872570\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-16 06:47:30 +0200 (Sun, 16 Apr 2017)\");\n script_cve_id(\"CVE-2016-10087\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libpng12 FEDORA-2017-84bc8ac268\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng12'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libpng12 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-84bc8ac268\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVHQIBZETQDZ5EFKSABRTTY2OH5XLGCU\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng12\", rpm:\"libpng12~1.2.57~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-01-10T00:00:00", "id": "OPENVAS:1361412562310872247", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872247", "type": "openvas", "title": "Fedora Update for libpng10 FEDORA-2016-a4b06a036b", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libpng10 FEDORA-2016-a4b06a036b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872247\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-10 05:52:49 +0100 (Tue, 10 Jan 2017)\");\n script_cve_id(\"CVE-2016-10087\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libpng10 FEDORA-2016-a4b06a036b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libpng10'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libpng10 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-a4b06a036b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MON4FXUM35PIHR7EX6JDDP26WYNZCL6I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpng10\", rpm:\"libpng10~1.0.67~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:37:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191307", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191307", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2019-1307)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1307\");\n script_version(\"2020-01-23T11:38:38+0000\");\n script_cve_id(\"CVE-2016-10087\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:38:38 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:38:38 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2019-1307)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1307\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1307\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libpng' package(s) announced via the EulerOS-SA-2019-1307 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing 
the text, and then adding another text chunk to the structure.(CVE-2016-10087)\");\n\n script_tag(name:\"affected\", value:\"'libpng' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.5.13~7.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.5.13~7.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:38:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191117", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191117", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2019-1117)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This 
program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1117\");\n script_version(\"2020-01-23T11:31:56+0000\");\n script_cve_id(\"CVE-2016-10087\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:31:56 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:31:56 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2019-1117)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1117\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1117\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libpng' package(s) announced via the EulerOS-SA-2019-1117 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x 
before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.(CVE-2016-10087)\");\n\n script_tag(name:\"affected\", value:\"'libpng' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng\", rpm:\"libpng~1.5.13~7.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpng-devel\", rpm:\"libpng-devel~1.5.13~7.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-13785", "CVE-2016-10087"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310843753", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843753", "type": "openvas", "title": "Ubuntu Update for libpng1.6 USN-3712-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3712_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for libpng1.6 USN-3712-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, 
http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843753\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2016-10087\", \"CVE-2018-13785\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:15:21 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for libpng1.6 USN-3712-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|18\\.04 LTS|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3712-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3712-1/\");\n\n script_tag(name:\"summary\", value:\"The 
remote host is missing an update for the 'libpng1.6'\n package(s) announced via the USN-3712-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Patrick Keshishian discovered that libpng incorrectly handled certain\nPNG files. An attacker could possibly use this to cause a denial of\nservice. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04\nLTS. (CVE-2016-10087)\n\nThuan Pham discovered that libpng incorrectly handled certain PNG\nfiles. An attacker could possibly use this to cause a denial of\nservice. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS.\n(CVE-2018-13785)\");\n\n script_tag(name:\"affected\", value:\"libpng1.6 on Ubuntu 18.04 LTS,\n Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.50-1ubuntu2.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpng16-16\", ver:\"1.6.34-1ubuntu0.17.10.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpng16-16\", ver:\"1.6.34-1ubuntu0.18.04.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 
LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpng12-0\", ver:\"1.2.54-1ubuntu1.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10087"], "description": "The libpng12 package provides libpng 1.2, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. ", "modified": "2017-04-15T22:49:41", "published": "2017-04-15T22:49:41", "id": "FEDORA:D67936075EEE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: libpng12-1.2.57-1.fc24", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10087"], "description": "The libpng12 package provides libpng 1.2, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. ", "modified": "2017-04-11T13:47:51", "published": "2017-04-11T13:47:51", "id": "FEDORA:12EF860620E5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: libpng12-1.2.57-1.fc26", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10087"], "description": "The libpng15 package provides libpng 1.5, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. 
", "modified": "2017-04-12T19:51:20", "published": "2017-04-12T19:51:20", "id": "FEDORA:EA5B8605E178", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: libpng15-1.5.28-1.fc24", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10087"], "description": "The libpng12 package provides libpng 1.2, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. ", "modified": "2017-04-15T23:52:20", "published": "2017-04-15T23:52:20", "id": "FEDORA:733E460478DA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: libpng12-1.2.57-1.fc25", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10087"], "description": "The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x. ", "modified": "2017-01-07T22:49:59", "published": "2017-01-07T22:49:59", "id": "FEDORA:5F70B6079A15", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: libpng10-1.0.67-1.fc24", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10087"], "description": "The libpng15 package provides libpng 1.5, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng. 
", "modified": "2017-04-12T20:24:49", "published": "2017-04-12T20:24:49", "id": "FEDORA:4E5E4608B7EA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: libpng15-1.5.28-1.fc25", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-07T08:55:27", "description": "According to the version of the libpng packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The png_set_text_2 function in libpng 0.71 before\n 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x\n before 1.5.28, and 1.6.x before 1.6.27 allows\n context-dependent attackers to cause a NULL pointer\n dereference vectors involving loading a text chunk into\n a png structure, removing the text, and then adding\n another text chunk to the structure.(CVE-2016-10087)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-05-01T00:00:00", "title": "EulerOS 2.0 SP3 : libpng (EulerOS-SA-2019-1307)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "modified": "2019-05-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libpng-devel", "p-cpe:/a:huawei:euleros:libpng", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1307.NASL", "href": "https://www.tenable.com/plugins/nessus/124434", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124434);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10087\"\n );\n\n script_name(english:\"EulerOS 2.0 
SP3 : libpng (EulerOS-SA-2019-1307)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libpng packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The png_set_text_2 function in libpng 0.71 before\n 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x\n before 1.5.28, and 1.6.x before 1.6.27 allows\n context-dependent attackers to cause a NULL pointer\n dereference vectors involving loading a text chunk into\n a png structure, removing the text, and then adding\n another text chunk to the structure.(CVE-2016-10087)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1307\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6f4d9b0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libpng package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libpng-1.5.13-7.h2\",\n \"libpng-devel-1.5.13-7.h2\"];\n\nforeach (pkg in pkgs)\n if 
(rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:13:04", "description": " - Update to upstream release **1.2.57**.\n\n - Fixes **CVE-2016-10087**.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-04-17T00:00:00", "title": "Fedora 25 : libpng12 (2017-bad9942e42)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "modified": "2017-04-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:libpng12"], "id": "FEDORA_2017-BAD9942E42.NASL", "href": "https://www.tenable.com/plugins/nessus/99416", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-bad9942e42.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99416);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10087\");\n script_xref(name:\"FEDORA\", value:\"2017-bad9942e42\");\n\n script_name(english:\"Fedora 25 : libpng12 (2017-bad9942e42)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to upstream release **1.2.57**.\n\n - Fixes **CVE-2016-10087**.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-bad9942e42\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng12 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"libpng12-1.2.57-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng12\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T11:05:47", "description": "The remote host is affected by the vulnerability described in GLSA-201701-74\n(libpng: Remote execution of arbitrary code)\n\n A NULL pointer dereference was discovered in libpng in the\n png_push_save_buffer function. 
In order to be vulnerable, an application\n has to load a text chunk into the PNG structure, then delete all text,\n then add another text chunk to the same PNG structure, which seems to be\n an unlikely sequence, but it is possible.\n \nImpact :\n\n A remote attacker, by enticing a user to process a specially crafted PNG\n file, could execute arbitrary code with the privileges of the process.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-30T00:00:00", "title": "GLSA-201701-74 : libpng: Remote execution of arbitrary code", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "modified": "2017-01-30T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libpng"], "id": "GENTOO_GLSA-201701-74.NASL", "href": "https://www.tenable.com/plugins/nessus/96860", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201701-74.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96860);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10087\");\n script_xref(name:\"GLSA\", value:\"201701-74\");\n\n script_name(english:\"GLSA-201701-74 : libpng: Remote execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201701-74\n(libpng: Remote execution of arbitrary code)\n\n A NULL pointer dereference was discovered in libpng in the\n png_push_save_buffer function. In order to be vulnerable, an application\n has to load a text chunk into the PNG structure, then delete all text,\n then add another text chunk to the same PNG structure, which seems to be\n an unlikely sequence, but it is possible.\n \nImpact :\n\n A remote attacker, by enticing a user to process a specially crafted PNG\n file, could execute arbitrary code with the privileges of the process.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201701-74\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libpng 1.6.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.6.27'\n All libpng 1.5.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libpng-1.5.28:1.5'\n All libpng 1.2.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask 
--oneshot --verbose '>=media-libs/libpng-1.2.57:1.2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/libpng\", unaffected:make_list(\"ge 1.6.27\", \"ge 1.5.28\", \"ge 1.2.57\"), vulnerable:make_list(\"lt 1.6.27\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:15:22", "description": " - Update to upstream release **1.2.57**.\n\n - Fixes 
**CVE-2016-10087**.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-07-17T00:00:00", "title": "Fedora 26 : libpng12 (2017-1d305fa070)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "modified": "2017-07-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libpng12", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-1D305FA070.NASL", "href": "https://www.tenable.com/plugins/nessus/101582", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-1d305fa070.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101582);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10087\");\n script_xref(name:\"FEDORA\", value:\"2017-1d305fa070\");\n\n script_name(english:\"Fedora 26 : libpng12 (2017-1d305fa070)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to upstream release **1.2.57**.\n\n - Fixes **CVE-2016-10087**.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-1d305fa070\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng12 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"libpng12-1.2.57-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng12\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:14:01", "description": " - Update to upstream release **1.5.28**.\n\n - Fixes **CVE-2016-10087**.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-04-13T00:00:00", "title": "Fedora 25 : libpng15 (2017-cf1944f480)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "modified": "2017-04-13T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:libpng15"], "id": "FEDORA_2017-CF1944F480.NASL", "href": "https://www.tenable.com/plugins/nessus/99322", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-cf1944f480.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(99322);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10087\");\n script_xref(name:\"FEDORA\", value:\"2017-cf1944f480\");\n\n script_name(english:\"Fedora 25 : libpng15 (2017-cf1944f480)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to upstream release **1.5.28**.\n\n - Fixes **CVE-2016-10087**.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf1944f480\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng15 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng15\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is 
owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"libpng15-1.5.28-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng15\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:14:37", "description": "This update fixes an old NULL pointer dereference bug in\npng_set_text_2() discovered and patched by Patrick Keshishian\n(CVE-2016-10087). The potential 'NULL dereference' bug has existed in\nlibpng since version 0.71 of June 26, 1995. 
To be vulnerable, an\napplication has to load a text chunk into the png structure, then\ndelete all text, then add another text chunk to the same png\nstructure, which seems to be an unlikely sequence, but it has\nhappened.\n\nThe update also fixes some documentation typos and an instance of\nundefined behavior.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-10T00:00:00", "title": "Fedora 25 : libpng10 (2016-a4b06a036b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "modified": "2017-01-10T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:libpng10"], "id": "FEDORA_2016-A4B06A036B.NASL", "href": "https://www.tenable.com/plugins/nessus/96353", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-a4b06a036b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96353);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10087\");\n script_xref(name:\"FEDORA\", value:\"2016-a4b06a036b\");\n\n script_name(english:\"Fedora 25 : libpng10 (2016-a4b06a036b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes an old NULL pointer dereference bug in\npng_set_text_2() discovered and 
patched by Patrick Keshishian\n(CVE-2016-10087). The potential 'NULL dereference' bug has existed in\nlibpng since version 0.71 of June 26, 1995. To be vulnerable, an\napplication has to load a text chunk into the png structure, then\ndelete all text, then add another text chunk to the same png\nstructure, which seems to be an unlikely sequence, but it has\nhappened.\n\nThe update also fixes some documentation typos and an instance of\nundefined behavior.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a4b06a036b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"libpng10-1.0.67-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng10\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:14:01", "description": "This update fixes an old NULL pointer dereference bug in\npng_set_text_2() discovered and patched by Patrick Keshishian\n(CVE-2016-10087). The potential 'NULL dereference' bug has existed in\nlibpng since version 0.71 of June 26, 1995. 
To be vulnerable, an\napplication has to load a text chunk into the png structure, then\ndelete all text, then add another text chunk to the same png\nstructure, which seems to be an unlikely sequence, but it has\nhappened.\n\nThe update also fixes some documentation typos and an instance of\nundefined behavior.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 21, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-10T00:00:00", "title": "Fedora 24 : libpng10 (2016-1a7e14d084)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "modified": "2017-01-10T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:24", "p-cpe:/a:fedoraproject:fedora:libpng10"], "id": "FEDORA_2016-1A7E14D084.NASL", "href": "https://www.tenable.com/plugins/nessus/96350", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-1a7e14d084.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96350);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10087\");\n script_xref(name:\"FEDORA\", value:\"2016-1a7e14d084\");\n\n script_name(english:\"Fedora 24 : libpng10 (2016-1a7e14d084)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes an old NULL pointer dereference bug in\npng_set_text_2() discovered and 
patched by Patrick Keshishian\n(CVE-2016-10087). The potential 'NULL dereference' bug has existed in\nlibpng since version 0.71 of June 26, 1995. To be vulnerable, an\napplication has to load a text chunk into the png structure, then\ndelete all text, then add another text chunk to the same png\nstructure, which seems to be an unlikely sequence, but it has\nhappened.\n\nThe update also fixes some documentation typos and an instance of\nundefined behavior.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-1a7e14d084\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng10 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libpng10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"libpng10-1.0.67-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng10\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:25:36", "description": "This update for libpng16 fixes the following issues: Security issues\nfixed :\n\n - CVE-2016-10087: NULL pointer dereference in\n png_set_text_2() (bsc#1017646)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-03-30T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : libpng16 (SUSE-SU-2017:0853-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "modified": "2017-03-30T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libpng16-16", "p-cpe:/a:novell:suse_linux:libpng16", "p-cpe:/a:novell:suse_linux:libpng16-debugsource", "p-cpe:/a:novell:suse_linux:libpng16-16-debuginfo"], "id": "SUSE_SU-2017-0853-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99085", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0853-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99085);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10087\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : libpng16 (SUSE-SU-2017:0853-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libpng16 fixes the following issues: Security issues\nfixed :\n\n - CVE-2016-10087: NULL pointer dereference in\n png_set_text_2() (bsc#1017646)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10087/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170853-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0fbe00ae\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-478=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2017-478=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-478=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-478=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-478=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-478=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-478=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng16-16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng16-16-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpng16-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpng16-16-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpng16-16-debuginfo-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpng16-debugsource-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpng16-16-32bit-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpng16-16-debuginfo-32bit-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpng16-16-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpng16-debugsource-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpng16-16-32bit-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-32bit-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpng16-16-1.6.8-14.1\")) flag++;\nif 
(rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpng16-16-32bit-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-32bit-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpng16-debugsource-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpng16-16-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpng16-16-32bit-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpng16-16-debuginfo-32bit-1.6.8-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpng16-debugsource-1.6.8-14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng16\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T01:10:15", "description": "New libpng packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix a security issue.", "edition": 23, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-03T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libpng (SSA:2016-365-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", 
"cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:13.37", "p-cpe:/a:slackware:slackware_linux:libpng", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2016-365-01.NASL", "href": "https://www.tenable.com/plugins/nessus/96179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2016-365-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96179);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2017/09/21 13:38:14 $\");\n\n script_cve_id(\"CVE-2016-10087\");\n script_xref(name:\"SSA\", value:\"2016-365-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libpng (SSA:2016-365-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New libpng packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.567619\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a599f8f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpng package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:slackware:slackware_linux:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"libpng\", pkgver:\"1.2.57\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", 
arch:\"x86_64\", pkgname:\"libpng\", pkgver:\"1.2.57\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"libpng\", pkgver:\"1.4.20\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"libpng\", pkgver:\"1.4.20\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"libpng\", pkgver:\"1.4.20\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"libpng\", pkgver:\"1.4.20\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"libpng\", pkgver:\"1.4.20\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"libpng\", pkgver:\"1.4.20\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"libpng\", pkgver:\"1.4.20\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"libpng\", pkgver:\"1.4.20\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"libpng\", pkgver:\"1.6.27\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"libpng\", pkgver:\"1.6.27\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"libpng\", pkgver:\"1.6.27\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"libpng\", pkgver:\"1.6.27\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:59:04", "description": "According to the version of the libpng packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The png_set_text_2 function in libpng 0.71 before\n 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x\n before 1.5.28, and 1.6.x before 1.6.27 allows\n context-dependent attackers to cause a NULL pointer\n dereference via vectors involving loading a text chunk into\n a png structure, removing the text, and then adding\n another text chunk to the structure. (CVE-2016-10087)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-08-23T00:00:00", "title": "EulerOS 2.0 SP5 : libpng (EulerOS-SA-2019-1810)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10087"], "modified": "2019-08-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libpng-devel", "p-cpe:/a:huawei:euleros:libpng", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1810.NASL", "href": "https://www.tenable.com/plugins/nessus/128102", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128102);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-10087\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : libpng (EulerOS-SA-2019-1810)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libpng packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The png_set_text_2 function in libpng 0.71 before\n 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x\n before 1.5.28, and 1.6.x before 1.6.27 allows\n context-dependent attackers to cause a NULL pointer\n dereference vectors involving loading a text chunk into\n a png structure, removing the text, and then adding\n another text chunk to the structure.(CVE-2016-10087)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1810\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fcadfd1f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libpng package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libpng-1.5.13-7.1.h3.eulerosv2r7\",\n \"libpng-devel-1.5.13-7.1.h3.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "software", "cvelist": ["CVE-2018-13785", "CVE-2016-10087"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nPatrick Keshishian discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10087)\n\nThuan Pham discovered that libpng incorrectly handled certain PNG files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2018-13785)\n\nCVEs contained in this USN include: CVE-2016-10087, CVE-2018-13785\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.26\n * 3541.x versions prior to 3541.36\n * 3468.x versions prior to 3468.54\n * 3445.x versions prior to 3445.54\n * 3421.x versions prior to 3421.69\n * 3363.x versions prior to 3363.68\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.226.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.7.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.26\n * Upgrade 3541.x versions to 3541.36\n * Upgrade 3468.x versions to 3468.54\n * Upgrade 3445.x versions to 3445.54\n * Upgrade 3421.x versions to 
3421.69\n * Upgrade 3363.x versions to 3363.68\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.226.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.7.0 or later.\n\n# References\n\n * [USN-3712-1](<https://usn.ubuntu.com/3712-1>)\n * [CVE-2016-10087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087>)\n * [CVE-2018-13785](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785>)\n", "edition": 6, "modified": "2018-07-19T00:00:00", "published": "2018-07-19T00:00:00", "id": "CFOUNDRY:5EFB3C0BFEF3ED0FAC75ED9EF0994C4E", "href": "https://www.cloudfoundry.org/blog/usn-3712-1/", "title": "USN-3712-1: libpng vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}