Vulnerability Note VU#630433

NetPBM contains multiple buffer overflow vulnerabilities

Overview

NetPBM is a set of graphics conversion tools and has been found to contain multiple buffer overflow vulnerabilities.

I. Description

A code review of NetPBM has revealed multiple buffer overflow vulnerabilities. These vulnerabilities could be exploited by loading malicious image files.

II. Impact

The complete impact of these vulnerabilities is not yet known, but could range from a denial of service or potential execution of code.

III. Solution

Please see your vendor notification for a vendor specific patch.

Systems Affected

Vendor	Status	Date Updated
Apple Computer Inc.	Not Vulnerable	17-Mar-2003
Debian	Vulnerable	17-Mar-2003
Fujitsu	Not Vulnerable	17-Mar-2003
Hewlett-Packard Company	Not Vulnerable	17-Mar-2003
Ingrian Networks	Not Vulnerable	17-Mar-2003
Microsoft Corporation	Not Vulnerable	17-Mar-2003
NetPBM	Vulnerable	17-Mar-2003
Red Hat Inc.	Vulnerable	3-Apr-2003

References

http://www.securityfocus.com/bid/6979

Credit

Thanks to Alan Cox for reporting this vulnerability and creating the initial fixes and to Al Viro for discovering the original flaw. We also thank Martin Schulze and Sebastian Kramer provided additional fixes to the patches.

This document was written by Jason A Rafail.

Other Information

Date Public	02/28/2003
Date First Published	03/17/2003 05:07:51 PM
Date Last Updated	04/03/2003
CERT Advisory
CVE Name
US-CERT Technical Alerts
Metric	1.01
Document Revision	9

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader