Vulnerability Note VU#630433

NetPBM contains multiple buffer overflow vulnerabilities

Original Release date: 17 Mar 2003 | Last revised: 03 Apr 2003

Overview

NetPBM is a set of graphics conversion tools and has been found to contain multiple buffer overflow vulnerabilities.

Description

A code review of NetPBM has revealed multiple buffer overflow vulnerabilities. These vulnerabilities could be exploited by loading malicious image files.

Impact

The complete impact of these vulnerabilities is not yet known, but could range from a denial of service or potential execution of code.

Solution

Please see your vendor notification for a vendor specific patch.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
DebianAffected-17 Mar 2003
NetPBMAffected19 Dec 200217 Mar 2003
Red Hat Inc.Affected-03 Apr 2003
Apple Computer Inc.Not Affected-17 Mar 2003
FujitsuNot Affected-17 Mar 2003
Hewlett-Packard CompanyNot Affected-17 Mar 2003
Ingrian Networks Not Affected-17 Mar 2003
Microsoft CorporationNot Affected-17 Mar 2003
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Alan Cox for reporting this vulnerability and creating the initial fixes and to Al Viro for discovering the original flaw. We also thank Martin Schulze and Sebastian Kramer provided additional fixes to the patches.

This document was written by Jason A Rafail.

Other Information

  • CVE IDs: Unknown
  • Date Public: 28 Feb 2003
  • Date First Published: 17 Mar 2003
  • Date Last Updated: 03 Apr 2003
  • Severity Metric: 1.01
  • Document Revision: 9

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.