Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2008:0131-01
HistoryMar 18, 2008 - 10:48 p.m.

netpbm security update

2008-03-1822:48:08
CentOS Project
lists.centos.org
47

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.059 Low

EPSS

Percentile

93.4%

JSON

CentOS Errata and Security Advisory CESA-2008:0131-01

The netpbm package contains a library of functions for editing and
converting between various graphics file formats, including .pbm (portable
bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable
pixmaps) and others. The package includes no interactive tools and is
primarily used by other programs (eg CGI scripts that manage web-site
images).

An input validation flaw was discovered in the GIF-to-PNM converter
(giftopnm) shipped with the netpbm package. An attacker could create a
carefully crafted GIF file which could cause giftopnm to crash or possibly
execute arbitrary code as the user running giftopnm. (CVE-2008-0554)

All users are advised to upgrade to these updated packages which contain a
backported patch which resolves this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-March/076920.html

Affected packages:
netpbm
netpbm-devel
netpbm-progs

Related

oraclelinux 1
openvas 21
debian 3
securityvulns 2
nessus 7
ubuntu 1
redhat 1
centos 1
debiancve 1
ubuntucve 1
prion 1
cve 1
oraclelinux
oraclelinux
Moderate: netpbm security update
2008-02-28 00:00:00
openvas
openvas
RedHat Update for netpbm RHSA-2008:0131-01
2009-03-06 00:00:00
CentOS Update for netpbm CESA-2008:0131 centos4 i386
2009-02-27 00:00:00
RedHat Update for netpbm RHSA-2008:0131-01
2009-03-06 00:00:00
debian
debian
[SECURITY] [DSA 1579-1] New netpbm-free packages fix arbitrary code execution
2008-05-18 09:29:26
[SECURITY] [DSA 1493-1] New sdl-image1.2 packages fix arbitrary code execution
2008-02-10 21:27:49
[SECURITY] [DSA 1493-2] New sdl-image1.2 packages fix arbitrary code execution
2008-03-16 20:20:04
securityvulns
securityvulns
Netpbm buffer overflow
2008-02-10 00:00:00
[ MDVSA-2008:039 ] - Updated netpbm packages fix buffer overflow vulnerability
2008-02-10 00:00:00
nessus
nessus
Scientific Linux Security Update : netpbm on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
Ubuntu 6.06 LTS / 7.10 : netpbm-free vulnerability (USN-665-1)
2009-04-23 00:00:00
Debian DSA-1579-1 : netpbm-free - insufficient input sanitizing
2008-05-19 00:00:00
ubuntu
ubuntu
Netpbm vulnerability
2008-11-06 00:00:00
redhat
redhat
(RHSA-2008:0131) Moderate: netpbm security update
2008-02-28 00:00:00
centos
centos
netpbm security update
2008-02-28 11:55:37
debiancve
debiancve
CVE-2008-0554
2008-02-08 02:00:00
ubuntucve
ubuntucve
CVE-2008-0554
2008-02-08 00:00:00
prion
prion
Buffer overflow
2008-02-08 02:00:00
cve
cve
CVE-2008-0554
2008-02-08 02:00:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.059 Low

EPSS

Percentile

93.4%

JSON
Related for CESA-2008:0131-01
oraclelinux1openvas21debian3securityvulns2nessus7ubuntu1redhat1centos1debiancve1ubuntucve1prion1cve1