Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201311-08
HistoryNov 13, 2013 - 12:00 a.m.

Netpbm: User-assisted arbitrary code execution

2013-11-1300:00:00
Gentoo Foundation
security.gentoo.org
11

0.021 Low

EPSS

Percentile

89.2%

JSON

Background

Netpbm is a toolkit for manipulation of graphic images, including conversion of images between a variety of different formats.

Description

A stack-based buffer overflow exists in converter/ppm/xpmtoppm.c in Netpbm.

Impact

A remote attacker could entice a user to open a specially crafted XMP file using Netpbm, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Netpbm users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/netpbm-10.49.00"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/netpbm< 10.49.00UNKNOWN

Related

nessus 15
altlinux 1
ubuntucve 1
cve 1
openvas 21
osv 1
debian 2
prion 1
debiancve 1
ubuntu 1
veracode 3
cvelist 1
redhat 1
centos 1
oraclelinux 1
nessus
nessus
Debian DSA-2026-1 : netpbm-free - stack-based buffer overflow
2010-04-03 00:00:00
openSUSE Security Update : libnetpbm-devel (libnetpbm-devel-2011)
2010-03-08 00:00:00
openSUSE Security Update : libnetpbm-devel (libnetpbm-devel-2011)
2010-03-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package netpbm version 10.35.32-alt1.M51.1
2010-02-13 00:00:00
ubuntucve
ubuntucve
CVE-2009-4274
2010-02-12 00:00:00
cve
cve
CVE-2009-4274
2010-02-12 21:30:00
openvas
openvas
Debian: Security Advisory (DSA-2026-1)
2023-03-08 00:00:00
Mandriva Update for dbus-glib MDVA-2010:039 (dbus-glib)
2010-01-22 00:00:00
Ubuntu: Security Advisory (USN-934-1)
2010-04-30 00:00:00
osv
osv
netpbm-free - buffer overflow
2010-04-02 00:00:00
debian
debian
[SECURITY] [DSA 2026-1] New netpbm-free packages fix denial of service
2010-04-02 15:35:52
[SECURITY] [DSA 2026-1] New netpbm-free packages fix denial of service
2010-04-02 15:35:39
prion
prion
Stack overflow
2010-02-12 21:30:00
debiancve
debiancve
CVE-2009-4274
2010-02-12 21:30:00
ubuntu
ubuntu
Netpbm vulnerability
2010-04-29 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:50:43
Memory Corruption
2019-05-02 04:40:58
Denial Of Service (DoS) Or Remote Code Execution (RCE)
2019-05-02 04:40:58
cvelist
cvelist
CVE-2009-4274
2010-02-12 21:00:00
redhat
redhat
(RHSA-2011:1811) Important: netpbm security update
2011-12-12 00:00:00
centos
centos
netpbm security update
2011-12-12 22:16:22
oraclelinux
oraclelinux
netpbm security update
2011-12-12 00:00:00

0.021 Low

EPSS

Percentile

89.2%

JSON
Related for GLSA-201311-08
nessus15altlinux1ubuntucve1cve1openvas21osv1debian2prion1debiancve1ubuntu1veracode3cvelist1redhat1centos1oraclelinux1