NetPBM Multiple Math Overflows

Secunia Advisory: SA8222
Release Date: 2003-03-05
Critical: Less critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: NetPBM 10.x

Description: Multiple boundary errors have been identified in NetPBM, which theoretically could be exploited to compromise a user's system.
Some of the vulnerabilities exist when handling long file names (longer than 2 GB) and the size of images. Successful exploitation could potentially allow malicious people to conduct a Denial of Service (DoS) attack on a user's system or execute arbitrary code. This has not been proven, though.
NetPBM is not installed suid but is used by some applications for print formatting and image conversion.
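The class of image-size arithmetic error described above, as an added example that is not NetPBM's code or its patch: an unchecked 32-bit size computation beside a checked one that rejects dimensions whose product cannot be represented. The function names and the 1 GiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Assumed policy cap for this example: refuse rasters above 1 GiB. */
#define MAX_RASTER_BYTES ((size_t)1 << 30)

/* Unchecked form: 32-bit product of header fields, wraps modulo 2^32.
 * Unsigned types keep the wrap well-defined for the demonstration. */
static uint32_t unchecked_size(uint32_t cols, uint32_t rows, uint32_t bpp)
{
    return cols * rows * bpp;
}

/* Checked form: 0 and *out set on success, -1 if any factor is zero,
 * a product would overflow size_t, or the result exceeds the cap. */
static int checked_size(size_t cols, size_t rows, size_t bpp, size_t *out)
{
    if (cols == 0 || rows == 0 || bpp == 0)
        return -1;
    if (cols > SIZE_MAX / rows)
        return -1;
    size_t pixels = cols * rows;
    if (pixels > SIZE_MAX / bpp)
        return -1;
    size_t bytes = pixels * bpp;
    if (bytes > MAX_RASTER_BYTES)
        return -1;
    *out = bytes;
    return 0;
}

/* Allocate a raster only when the size computation is known to be exact. */
static void *alloc_raster(size_t cols, size_t rows, size_t bpp)
{
    size_t bytes;
    if (checked_size(cols, rows, bpp, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}
```

With the unchecked form, a 65536 x 65537 image at one byte per pixel yields a 65536-byte size, so later writes sized by the real dimensions would run past the buffer; the checked form refuses the same header.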
Solution: Reportedly, the latest upgrade patches for versions 10.14 and 10.11.5 fix the vulnerabilities:
http://sourceforge.net/projects/netpbm/
One of the patch authors also states that "netpbm is very old code, written in times with a different threat model" and therefore advises users to use something else instead.
Provided and/or discovered by: Al Viro

About this Secunia Advisory

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.