Al Viro and Alan Cox discovered several maths overflow errors in
NetPBM, a set of graphics conversion tools. These programs are not
installed setuid root but are often installed to prepare data for
processing. These vulnerabilities may allow remote attackers to cause
a denial of service or execute arbitrary code.
For the stable distribution (woody) this problem has been
fixed in version 9.20-8.2.
The old stable distribution (potato) does not seem to be affected
by this problem.
For the unstable distribution (sid) this problem has been
fixed in version 9.20-9.
We recommend that you upgrade your netpbm package.