Secunia Logo
Netsikker nu! 2008
 
NetPBM Multiple Math Overflows
Secunia Advisory: SA8222
Release Date: 2003-03-05
Popularity: 5,626 views

Critical:
Less critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

Software:NetPBM 10.x

Subscribe: Instant alerts on relevant vulnerabilities


Description:
Multiple boundary errors have been identified in NetPBM, which theoretically could be exploited to compromise a user's system.

Some of the vulnerabilities exist when handling long file names (longer than 2 GB) and the size of images. Successful exploitation could potentially allow malicious people to conduct a DoS attack (Denial of Service) on a user's system or execute arbitrary code. This has not been proved, though.

NetPBM is not installed suid but is used by some applications for print formatting and image conversion.

Solution:
Reportedly, the latest upgrade patches for version 10.14 and 10.11.5 fix the vulnerabilities:

http://sourceforge.net/projects/netpbm/


One of the patch authors also states that "netpbm is very old code, written in times with a different threat model" and therefore advises users to use something else instead.

Provided and/or discovered by:
Al Viro


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. phpBB "gen_rand_string()" Predictable RNG Weakness // 112 views
2. phpBB Avatar Script Insertion Vulnerability // 63 views
3. phpBB "url" bbcode Script Insertion Vulnerability // 62 views
4. phpBB BBcode "url" Script Insertion Vulnerability // 61 views
5. phpBB Avatar Functions Information Disclosure and Deletion // 45 views
6. VMware ESX Server Sun Java JDK / JRE Multiple Vulnerabilities // 42 views
7. Microsoft Windows Vista Page Fault Handling Denial of Service // 42 views
8. VMware VirtualCenter Multiple Vulnerabilities // 31 views
9. Serv-U File Renaming Directory Traversal and STOU Denial of Service // 30 views
10. VMware ESX / ESXi "JMP" Privilege Escalation Vulnerability // 25 views