Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1021-1
HistoryMar 28, 2006 - 12:00 a.m.

netpbm-free - insecure program execution

2006-03-2800:00:00
Google
osv.dev
4

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Max Vozeler from the Debian Audit Project discovered that pstopnm, a
converter from Postscript to the PBM, PGM and PNM formats, launches
Ghostscript in an insecure manner, which might lead to the execution
of arbitrary shell commands, when converting specially crafted Postscript
files.

For the old stable distribution (woody) this problem has been fixed in
version 9.20-8.6.

For the stable distribution (sarge) this problem has been fixed in
version 10.0-8sarge3.

For the unstable distribution (sid) this problem has been fixed in
version 10.0-9.

We recommend that you upgrade your netpbm package.

Related

nessus 6
debiancve 1
openvas 6
ubuntu 1
centos 3
gentoo 1
ubuntucve 1
debian 1
cve 1
redhat 1
nessus
nessus
Debian DSA-1021-1 : netpbm-free - insecure program execution
2006-10-14 00:00:00
Ubuntu 4.10 / 5.04 : netpbm-free vulnerability (USN-164-1)
2006-01-15 00:00:00
RHEL 2.1 / 3 / 4 : netpbm (RHSA-2005:743)
2005-08-23 00:00:00
debiancve
debiancve
CVE-2005-2471
2005-08-05 04:00:00
openvas
openvas
SLES9: Security update for netpbm and libnetpbm
2009-10-10 00:00:00
Debian: Security Advisory (DSA-1021-1)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200508-04 (Netpbm)
2008-09-24 00:00:00
ubuntu
ubuntu
netpbm vulnerability
2005-08-11 00:00:00
centos
centos
netpbm security update
2005-08-22 23:25:00
netpbm security update
2005-08-22 15:16:50
X11, netpbm, vim security update
2005-08-22 15:17:59
gentoo
gentoo
Netpbm: Arbitrary code execution in pstopnm
2005-08-05 00:00:00
ubuntucve
ubuntucve
CVE-2005-2471
2005-08-05 00:00:00
debian
debian
[SECURITY] [DSA 1021-1] New netpbm-free packages fix arbitrary command execution
2006-03-28 17:04:51
cve
cve
CVE-2005-2471
2005-08-05 04:00:00
redhat
redhat
(RHSA-2005:743) netpbm security update
2005-08-22 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DSA-1021-1
nessus6debiancve1openvas6ubuntu1centos3gentoo1ubuntucve1debian1cve1redhat1