Veracode Vulnerability DatabaseVERACODE:23710

HistoryApr 10, 2020 - 12:34 a.m.

Arbitrary Code Execution

2020-04-1000:34:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

netpbm is vulnerable to arbitrary code execution. The vulnerability exists as an input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam.

CPENameOperatorVersion
netpbmeq10.25__2.EL4.6.el4_6.1
netpbmeq10.25__2.EL4.6.el4_6.1

CPE	Name	Operator	Version
	netpbm	eq	10.25__2.EL4.6.el4_6.1
	netpbm	eq	10.25__2.EL4.6.el4_6.1

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=413033

bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041

bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041;msg=88

osvdb.org/36137

secunia.com/advisories/25287

secunia.com/advisories/25703

secunia.com/advisories/26516

secunia.com/advisories/27319

secunia.com/advisories/27489

secunia.com/advisories/39505

www.debian.org/security/2010/dsa-2036

www.mandriva.com/security/advisories?name=MDKSA-2007:129

www.mandriva.com/security/advisories?name=MDKSA-2007:208

www.mandriva.com/security/advisories?name=MDKSA-2007:209

www.mandriva.com/security/advisories?name=MDVSA-2009:142

www.mandriva.com/security/advisories?name=MDVSA-2009:164

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2009-0012.html

www.securityfocus.com/bid/24052

www.ubuntu.com/usn/usn-501-1

www.ubuntu.com/usn/usn-501-2

www.vupen.com/english/advisories/2010/0912

access.redhat.com/errata/RHSA-2009:0012

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9397

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:23710