7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.09 Low
EPSS
Percentile
94.7%
NetPBM is a set of graphics conversion tools and has been found to contain multiple buffer overflow vulnerabilities.
A code review of NetPBM has revealed multiple buffer overflow vulnerabilities. These vulnerabilities could be exploited by loading malicious image files.
The complete impact of these vulnerabilities is not yet known, but could range from a denial of service or potential execution of code.
Please see your vendor notification for a vendor specific patch.
630433
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: March 17, 2003
Affected
Please see <http://www.debian.org/security/2003/dsa-263>.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23630433 Feedback>).
Notified: December 20, 2002 Updated: March 17, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23630433 Feedback>).
Updated: April 03, 2003
Affected
Red Hat Linux and Red Hat Enterprise Linux ship with a NetPBM package vulnerable to these issues. Updated NetPBM packages are available along with our advisory at the URLs below. Users of the Red Hat Network can update their systems using the ‘up2date’ tool.
Red Hat Enterprise Linux:
<http://rhn.redhat.com/errata/RHSA-2003-061.html>
Red Hat Linux:
<http://rhn.redhat.com/errata/RHSA-2003-060.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23630433 Feedback>).
Updated: March 17, 2003
Not Affected
Mac OS X and Mac OS X Server do not contain the vulnerabilities described in this report.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23630433 Feedback>).
Updated: March 17, 2003
Not Affected
Fujitsu’s UXP/V o.s. does not support the Utah Raster Toolkit or netpbm, so it is not vulnerable to the vulnerabilities reported in this VU report.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23630433 Feedback>).
Updated: March 17, 2003
Not Affected
------------------------------------- Source: Hewlett-Packard Company Software Security Response Team
HP-UX - not vulnerable HP-MPE/ix - not vulnerable HP Tru64 UNIX - not vulnerable HP OpenVMS - not vulnerable HP NonStop Servers - not vulnerable
To report potential security vulnerabilities in HP software, send an E-mail message to: ``[mailto:[email protected]](<mailto:[email protected]>)``
--------------------------------------
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23630433 Feedback>).
Updated: March 17, 2003
Not Affected
Ingrian Networks products are not vulnerable to VU#378049 or VU#630433.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23630433 Feedback>).
Updated: March 17, 2003
Not Affected
Microsoft has confirmed this issue does not affect our software.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23630433 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://www.securityfocus.com/bid/6979>
Thanks to Alan Cox for reporting this vulnerability and creating the initial fixes and to Al Viro for discovering the original flaw. We also thank Martin Schulze and Sebastian Kramer provided additional fixes to the patches.
This document was written by Jason A Rafail.
CVE IDs: | CVE-2003-0146 |
---|---|
Severity Metric: | 1.01 Date Public: |