CVE-2016-3751

Published: August 31, 2023Last modified: August 31, 2023

Description

Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085.

Severity score breakdown

Parameter	Value
Base score	7.8
Attack Vector	LOCAL
Attack complexity	LOW
Privileges required	NONE
User interaction	REQUIRED
Scope	UNCHANGED
Confidentiality	HIGH
Integrity impact	HIGH
Availability impact	HIGH
Vector	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	syslinux	Not affected (6.04_pre2_git20190206-r6)
Alpaquita Linux	Stream	syslinux	Not affected (6.04_pre2_git20190206-r10)

References

http://source.android.com/security/bulletin/2016-07-01.html
http://www.openwall.com/lists/oss-security/2016/07/09/4
https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca
https://security.netapp.com/advisory/ntap-20240719-0004/