Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2005:843-01
HistoryDec 22, 2005 - 12:11 a.m.

netpbm security update

2005-12-2200:11:59
CentOS Project
lists.centos.org
38

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

45.7%

JSON

CentOS Errata and Security Advisory CESA-2005:843-01

The netpbm package contains a library of functions that support programs
for handling various graphics file formats.

A stack based buffer overflow bug was found in the way netpbm converts
Portable Anymap (PNM) files into Portable Network Graphics (PNG). A
specially crafted PNM file could allow an attacker to execute arbitrary
code by attempting to convert a PNM file to a PNG file when using pnmtopng
with the ‘-text’ option. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2005-3632 to this issue.

An “off by one” bug was found in the way netpbm converts Portable Anymap
(PNM) files into Portable Network Graphics (PNG). If a victim attempts to
convert a specially crafted 256 color PNM file to a PNG file, then it can
cause the pnmtopng utility to crash. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-3662 to this issue.

All users of netpbm should upgrade to these updated packages, which contain
backported patches that resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-December/074668.html

Affected packages:
netpbm
netpbm-devel
netpbm-progs

Related

nessus 6
redhat 1
centos 1
ubuntu 1
osv 1
openvas 4
ubuntucve 2
debiancve 2
cve 2
cvelist 2
nvd 2
debian 2
nessus
nessus
Debian DSA-904-1 : netpbm-free - buffer overflows
2006-10-14 00:00:00
Ubuntu 4.10 / 5.04 / 5.10 : netpbm-free vulnerabilities (USN-218-1)
2006-01-15 00:00:00
Mandrake Linux Security Advisory : netpbm (MDKSA-2005:217)
2006-01-15 00:00:00
redhat
redhat
(RHSA-2005:843) netpbm security update
2005-12-20 00:00:00
centos
centos
netpbm security update
2005-12-20 23:27:22
ubuntu
ubuntu
netpbm vulnerabilities
2005-11-22 00:00:00
osv
osv
netpbm-free - buffer overflows
2005-11-21 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-904-1)
2008-01-17 00:00:00
SLES9: Security update for netpbm
2009-10-10 00:00:00
Debian Security Advisory DSA 904-1 (netpbm-free)
2008-01-17 00:00:00
ubuntucve
ubuntucve
CVE-2005-3662
2005-11-18 00:00:00
CVE-2005-3632
2005-11-21 00:00:00
debiancve
debiancve
CVE-2005-3662
2005-11-18 02:02:00
CVE-2005-3632
2005-11-21 22:03:00
cve
cve
CVE-2005-3662
2005-11-18 02:02:00
CVE-2005-3632
2005-11-21 22:03:00
cvelist
cvelist
CVE-2005-3662
2005-11-18 02:00:00
CVE-2005-3632
2005-11-21 22:00:00
nvd
nvd
CVE-2005-3662
2005-11-18 02:02:00
CVE-2005-3632
2005-11-21 22:03:00
debian
debian
[SECURITY] [DSA 904-1] New netpbm packages fix arbitrary code execution
2005-11-21 17:05:18
[SECURITY] [DSA 904-1] New netpbm packages fix arbitrary code execution
2005-11-21 17:05:18

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

45.7%

JSON
Related for CESA-2005:843-01
nessus6redhat1centos1ubuntu1osv1openvas4ubuntucve2debiancve2cve2cvelist2nvd2debian2