Vulnerability Note VU#630433
NetPBM contains multiple buffer overflow vulnerabilities
Overview
NetPBM is a set of graphics conversion tools and has been found to contain multiple buffer overflow vulnerabilities.
Description
A code review of NetPBM has revealed multiple buffer overflow vulnerabilities. These vulnerabilities could be exploited by loading malicious image files. |
Impact
The complete impact of these vulnerabilities is not yet known, but could range from a denial of service or potential execution of code. |
Solution
Please see your vendor notification for a vendor specific patch. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian | Affected | - | 17 Mar 2003 |
| NetPBM | Affected | 19 Dec 2002 | 17 Mar 2003 |
| Red Hat Inc. | Affected | - | 03 Apr 2003 |
| Apple Computer Inc. | Not Affected | - | 17 Mar 2003 |
| Fujitsu | Not Affected | - | 17 Mar 2003 |
| Hewlett-Packard Company | Not Affected | - | 17 Mar 2003 |
| Ingrian Networks | Not Affected | - | 17 Mar 2003 |
| Microsoft Corporation | Not Affected | - | 17 Mar 2003 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
Credit
Thanks to Alan Cox for reporting this vulnerability and creating the initial fixes and to Al Viro for discovering the original flaw. We also thank Martin Schulze and Sebastian Kramer provided additional fixes to the patches.
This document was written by Jason A Rafail.
Other Information
- CVE IDs: Unknown
- Date Public: 28 Feb 2003
- Date First Published: 17 Mar 2003
- Date Last Updated: 03 Apr 2003
- Severity Metric: 1.01
- Document Revision: 9
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.