Fix CVE-2016-10087, a null pointer dereference in png_set_text_2(): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087 http://seclists.org/oss-sec/2016/q4/777 Patch adapted from upstream source repository: https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/ From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Thu, 29 Dec 2016 07:51:33 -0600 Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in png_set_text_2() (bug report and patch by Patrick Keshishian). --- ANNOUNCE | 2 ++ CHANGES | 2 ++ png.c | 1 + 3 files changed, 5 insertions(+) diff --git a/png.c b/png.c index 8afc28fc2..2e05de159 100644 --- a/png.c +++ b/png.c @@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, png_free(png_ptr, info_ptr->text); info_ptr->text = NULL; info_ptr->num_text = 0; + info_ptr->max_text = 0; } } #endif -- 2.11.0
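Review bot: the added `info_ptr->max_text = 0;` in png_free_data() carries no comment, and the subject names png_set_text_2() while the only hunk touches png_free_data(), so the patch never states how the two are connected. Suggest a one-line comment at the reset, or a sentence in the commit message, saying that max_text has to be cleared together with `info_ptr->text = NULL` and `info_ptr->num_text = 0`, so that a later png_set_text_2() call does not take a stale capacity value to mean the freed array is still allocated. Separately, the diffstat still lists ANNOUNCE and CHANGES (3 files changed, 5 insertions) although only the png.c hunk is carried in this adapted patch; trimming the diffstat or noting that those hunks were dropped would keep it self-consistent.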