Vulnerabilites related to netpbm - netpbm
cve-2017-2587
Vulnerability from cvelistv5
Published
2018-07-27 18:00
Modified
2024-08-05 13:55
Severity ?
EPSS score ?
Summary
A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96702 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2587 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:55:06.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96702",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96702"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2587"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "netpbm",
"vendor": "Netpbm",
"versions": [
{
"status": "affected",
"version": "10.61"
}
]
}
],
"datePublic": "2018-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-28T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "96702",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96702"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2587"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "netpbm",
"version": {
"version_data": [
{
"version_value": "10.61"
}
]
}
}
]
},
"vendor_name": "Netpbm"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96702"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2587",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2587"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2587",
"datePublished": "2018-07-27T18:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:55:06.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2586
Vulnerability from cvelistv5
Published
2018-07-27 18:00
Modified
2024-08-05 13:55
Severity ?
EPSS score ?
Summary
A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96708 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2586 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:55:06.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96708"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2586"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "netpbm",
"vendor": "Netpbm",
"versions": [
{
"status": "affected",
"version": "10.61"
}
]
}
],
"datePublic": "2018-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-28T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "96708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96708"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2586"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "netpbm",
"version": {
"version_data": [
{
"version_value": "10.61"
}
]
}
}
]
},
"vendor_name": "Netpbm"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96708"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2586",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2586"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2586",
"datePublished": "2018-07-27T18:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:55:06.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0146
Vulnerability from cvelistv5
Published
2003-03-18 05:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2003/dsa-263 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/6979 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/630433 | third-party-advisory, x_refsource_CERT-VN | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656 | vendor-advisory, x_refsource_CONECTIVA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11463 | vdb-entry, x_refsource_XF | |
| http://www.redhat.com/support/errata/RHSA-2003-060.html | vendor-advisory, x_refsource_REDHAT | |
| http://marc.info/?l=bugtraq&m=104644687816522&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-263",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-263"
},
{
"name": "6979",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6979"
},
{
"name": "VU#630433",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/630433"
},
{
"name": "CLSA-2003:656",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000656"
},
{
"name": "netpbm-multiple-bo(11463)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11463"
},
{
"name": "RHSA-2003:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-060.html"
},
{
"name": "20030228 NetPBM, multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104644687816522\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via \"maths overflow errors\" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-263",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-263"
},
{
"name": "6979",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6979"
},
{
"name": "VU#630433",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/630433"
},
{
"name": "CLSA-2003:656",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000656"
},
{
"name": "netpbm-multiple-bo(11463)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11463"
},
{
"name": "RHSA-2003:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-060.html"
},
{
"name": "20030228 NetPBM, multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104644687816522\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via \"maths overflow errors\" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-263",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-263"
},
{
"name": "6979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6979"
},
{
"name": "VU#630433",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/630433"
},
{
"name": "CLSA-2003:656",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000656"
},
{
"name": "netpbm-multiple-bo(11463)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11463"
},
{
"name": "RHSA-2003:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-060.html"
},
{
"name": "20030228 NetPBM, multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104644687816522\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0146",
"datePublished": "2003-03-18T05:00:00",
"dateReserved": "2003-03-14T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2978
Vulnerability from cvelistv5
Published
2005-10-18 04:00
Modified
2024-08-07 22:53
Severity ?
EPSS score ?
Summary
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:30.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-210-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/210-1/"
},
{
"name": "1015071",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015071"
},
{
"name": "ADV-2005-2133",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2133"
},
{
"name": "17282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17282"
},
{
"name": "DSA-878",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-878"
},
{
"name": "17221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17221"
},
{
"name": "17357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17357"
},
{
"name": "RHSA-2005:793",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-793.html"
},
{
"name": "17256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17256"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168278"
},
{
"name": "17265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17265"
},
{
"name": "17222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17222"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "GLSA-200510-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-18.xml"
},
{
"name": "15128",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15128"
},
{
"name": "oval:org.mitre.oval:def:10135",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-210-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/210-1/"
},
{
"name": "1015071",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015071"
},
{
"name": "ADV-2005-2133",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2133"
},
{
"name": "17282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17282"
},
{
"name": "DSA-878",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-878"
},
{
"name": "17221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17221"
},
{
"name": "17357",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17357"
},
{
"name": "RHSA-2005:793",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-793.html"
},
{
"name": "17256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17256"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168278"
},
{
"name": "17265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17265"
},
{
"name": "17222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17222"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "GLSA-200510-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-18.xml"
},
{
"name": "15128",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15128"
},
{
"name": "oval:org.mitre.oval:def:10135",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10135"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-2978",
"datePublished": "2005-10-18T04:00:00",
"dateReserved": "2005-09-19T00:00:00",
"dateUpdated": "2024-08-07T22:53:30.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4799
Vulnerability from cvelistv5
Published
2008-10-30 22:00
Modified
2024-08-07 10:31
Severity ?
EPSS score ?
Summary
pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/31871 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2008/10/23/2 | mailing-list, x_refsource_MLIST | |
| http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY | x_refsource_CONFIRM | |
| https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00069.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.openwall.com/lists/oss-security/2008/10/22/7 | mailing-list, x_refsource_MLIST | |
| https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00058.html | vendor-advisory, x_refsource_FEDORA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46054 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:27.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31871"
},
{
"name": "[oss-security] 20081023 Re: CVE Request (netpbm)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY"
},
{
"name": "FEDORA-2008-6999",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00069.html"
},
{
"name": "[oss-security] 20081022 CVE Request (netpbm)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/22/7"
},
{
"name": "FEDORA-2008-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00058.html"
},
{
"name": "netpbm-pamperspective-pngtopnm-bo(46054)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31871"
},
{
"name": "[oss-security] 20081023 Re: CVE Request (netpbm)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY"
},
{
"name": "FEDORA-2008-6999",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00069.html"
},
{
"name": "[oss-security] 20081022 CVE Request (netpbm)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/22/7"
},
{
"name": "FEDORA-2008-6982",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00058.html"
},
{
"name": "netpbm-pamperspective-pngtopnm-bo(46054)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46054"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31871"
},
{
"name": "[oss-security] 20081023 Re: CVE Request (netpbm)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/2"
},
{
"name": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY",
"refsource": "CONFIRM",
"url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY"
},
{
"name": "FEDORA-2008-6999",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00069.html"
},
{
"name": "[oss-security] 20081022 CVE Request (netpbm)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/22/7"
},
{
"name": "FEDORA-2008-6982",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00058.html"
},
{
"name": "netpbm-pamperspective-pngtopnm-bo(46054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46054"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4799",
"datePublished": "2008-10-30T22:00:00",
"dateReserved": "2008-10-30T00:00:00",
"dateUpdated": "2024-08-07T10:31:27.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4274
Vulnerability from cvelistv5
Published
2010-02-12 21:00
Modified
2024-08-07 06:54
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2011:1811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch\u0026r1=995\u0026r2=1076\u0026pathrev=1076"
},
{
"name": "ADV-2010-0358",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0358"
},
{
"name": "38530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38530"
},
{
"name": "[oss-security] 20100209 vulnerability in netpbm (CVE-2009-4274)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/02/09/11"
},
{
"name": "ADV-2010-0780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0780"
},
{
"name": "netpbm-xpm-bo(56207)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56207"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=546580"
},
{
"name": "SUSE-SR:2010:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
},
{
"name": "DSA-2026",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup"
},
{
"name": "38915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38915"
},
{
"name": "38164",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38164"
},
{
"name": "MDVSA-2010:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2011:1811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch\u0026r1=995\u0026r2=1076\u0026pathrev=1076"
},
{
"name": "ADV-2010-0358",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0358"
},
{
"name": "38530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38530"
},
{
"name": "[oss-security] 20100209 vulnerability in netpbm (CVE-2009-4274)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/02/09/11"
},
{
"name": "ADV-2010-0780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0780"
},
{
"name": "netpbm-xpm-bo(56207)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56207"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=546580"
},
{
"name": "SUSE-SR:2010:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
},
{
"name": "DSA-2026",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup"
},
{
"name": "38915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38915"
},
{
"name": "38164",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38164"
},
{
"name": "MDVSA-2010:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:039"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-4274",
"datePublished": "2010-02-12T21:00:00",
"dateReserved": "2009-12-10T00:00:00",
"dateUpdated": "2024-08-07T06:54:10.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2580
Vulnerability from cvelistv5
Published
2018-07-27 18:00
Modified
2024-08-05 13:55
Severity ?
EPSS score ?
Summary
An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96712 | vdb-entry, x_refsource_BID | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2580 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00056.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:55:06.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96712",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2580"
},
{
"name": "openSUSE-SU-2019:1605",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00056.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "netpbm",
"vendor": "Netpbm",
"versions": [
{
"status": "affected",
"version": "10.61"
}
]
}
],
"datePublic": "2018-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-24T14:06:11",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "96712",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2580"
},
{
"name": "openSUSE-SU-2019:1605",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00056.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "netpbm",
"version": {
"version_data": [
{
"version_value": "10.61"
}
]
}
}
]
},
"vendor_name": "Netpbm"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.5/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96712"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2580",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2580"
},
{
"name": "openSUSE-SU-2019:1605",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00056.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2580",
"datePublished": "2018-07-27T18:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:55:06.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2579
Vulnerability from cvelistv5
Published
2018-07-27 18:00
Modified
2024-08-05 13:55
Severity ?
EPSS score ?
Summary
An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96714 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00056.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:55:06.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579"
},
{
"name": "96714",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96714"
},
{
"name": "openSUSE-SU-2019:1605",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00056.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "netpbm",
"vendor": "Netpbm",
"versions": [
{
"status": "affected",
"version": "10.61"
}
]
}
],
"datePublic": "2018-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-24T14:06:11",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579"
},
{
"name": "96714",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96714"
},
{
"name": "openSUSE-SU-2019:1605",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00056.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "netpbm",
"version": {
"version_data": [
{
"version_value": "10.61"
}
]
}
}
]
},
"vendor_name": "Netpbm"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579"
},
{
"name": "96714",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96714"
},
{
"name": "openSUSE-SU-2019:1605",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00056.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2579",
"datePublished": "2018-07-27T18:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:55:06.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3145
Vulnerability from cvelistv5
Published
2006-06-22 22:00
Modified
2024-08-07 18:16
Severity ?
EPSS score ?
Summary
Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/2449 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27244 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/20775 | third-party-advisory, x_refsource_SECUNIA | |
| http://sourceforge.net/project/shownotes.php?release_id=425770 | x_refsource_CONFIRM | |
| http://www.trustix.org/errata/2006/0037 | vendor-advisory, x_refsource_TRUSTIX | |
| http://secunia.com/advisories/20729 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/18525 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:06.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2449"
},
{
"name": "netpbm-pamtofits-offbyone-bo(27244)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27244"
},
{
"name": "20775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20775"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=425770"
},
{
"name": "2006-0037",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0037"
},
{
"name": "20729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20729"
},
{
"name": "18525",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18525"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2449"
},
{
"name": "netpbm-pamtofits-offbyone-bo(27244)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27244"
},
{
"name": "20775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20775"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=425770"
},
{
"name": "2006-0037",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0037"
},
{
"name": "20729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20729"
},
{
"name": "18525",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18525"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2449",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2449"
},
{
"name": "netpbm-pamtofits-offbyone-bo(27244)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27244"
},
{
"name": "20775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20775"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=425770",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=425770"
},
{
"name": "2006-0037",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0037"
},
{
"name": "20729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20729"
},
{
"name": "18525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18525"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3145",
"datePublished": "2006-06-22T22:00:00",
"dateReserved": "2006-06-22T00:00:00",
"dateUpdated": "2024-08-07T18:16:06.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2581
Vulnerability from cvelistv5
Published
2018-07-27 18:00
Modified
2024-08-05 13:55
Severity ?
EPSS score ?
Summary
An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2581 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96710 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:55:06.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2581"
},
{
"name": "96710",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "netpbm",
"vendor": "Netpbm",
"versions": [
{
"status": "affected",
"version": "10.61"
}
]
}
],
"datePublic": "2018-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-28T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2581"
},
{
"name": "96710",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96710"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "netpbm",
"version": {
"version_data": [
{
"version_value": "10.61"
}
]
}
}
]
},
"vendor_name": "Netpbm"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.5/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2581",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2581"
},
{
"name": "96710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96710"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-2581",
"datePublished": "2018-07-27T18:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:55:06.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2471
Vulnerability from cvelistv5
Published
2005-08-05 04:00
Modified
2024-08-07 22:30
Severity ?
EPSS score ?
Summary
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:00.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "netpbm-dsafer-command-execution(21500)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21500"
},
{
"name": "14379",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14379"
},
{
"name": "SUSE-SR:2005:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "oval:org.mitre.oval:def:11645",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11645"
},
{
"name": "2005-0038",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0038/"
},
{
"name": "DSA-1021",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1021"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757"
},
{
"name": "18330",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18330"
},
{
"name": "1014752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014752"
},
{
"name": "19436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19436"
},
{
"name": "16184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16184"
},
{
"name": "RHSA-2005:743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-743.html"
},
{
"name": "18253",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18253"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "pstopnm in netpbm does not properly use the \"-dSAFER\" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "netpbm-dsafer-command-execution(21500)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21500"
},
{
"name": "14379",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14379"
},
{
"name": "SUSE-SR:2005:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "oval:org.mitre.oval:def:11645",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11645"
},
{
"name": "2005-0038",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0038/"
},
{
"name": "DSA-1021",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1021"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757"
},
{
"name": "18330",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18330"
},
{
"name": "1014752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014752"
},
{
"name": "19436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19436"
},
{
"name": "16184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16184"
},
{
"name": "RHSA-2005:743",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-743.html"
},
{
"name": "18253",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18253"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pstopnm in netpbm does not properly use the \"-dSAFER\" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netpbm-dsafer-command-execution(21500)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21500"
},
{
"name": "14379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14379"
},
{
"name": "SUSE-SR:2005:019",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"name": "oval:org.mitre.oval:def:11645",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11645"
},
{
"name": "2005-0038",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0038/"
},
{
"name": "DSA-1021",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1021"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757"
},
{
"name": "18330",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18330"
},
{
"name": "1014752",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014752"
},
{
"name": "19436",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19436"
},
{
"name": "16184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16184"
},
{
"name": "RHSA-2005:743",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-743.html"
},
{
"name": "18253",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18253"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2471",
"datePublished": "2005-08-05T04:00:00",
"dateReserved": "2005-08-05T00:00:00",
"dateUpdated": "2024-08-07T22:30:00.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0924
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:34.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040201-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
},
{
"name": "MDKSA-2004:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011"
},
{
"name": "VU#487102",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/487102"
},
{
"name": "RHSA-2004:031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-031.html"
},
{
"name": "oval:org.mitre.oval:def:804",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A804"
},
{
"name": "DSA-426",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-426"
},
{
"name": "netpbm-temp-insecure-file(14874)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14874"
},
{
"name": "oval:org.mitre.oval:def:810",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A810"
},
{
"name": "GLSA-200410-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml"
},
{
"name": "9442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9442"
},
{
"name": "RHSA-2004:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-07-17T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040201-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
},
{
"name": "MDKSA-2004:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011"
},
{
"name": "VU#487102",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/487102"
},
{
"name": "RHSA-2004:031",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-031.html"
},
{
"name": "oval:org.mitre.oval:def:804",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A804"
},
{
"name": "DSA-426",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-426"
},
{
"name": "netpbm-temp-insecure-file(14874)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14874"
},
{
"name": "oval:org.mitre.oval:def:810",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A810"
},
{
"name": "GLSA-200410-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml"
},
{
"name": "9442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9442"
},
{
"name": "RHSA-2004:030",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-030.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040201-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
},
{
"name": "MDKSA-2004:011",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011"
},
{
"name": "VU#487102",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/487102"
},
{
"name": "RHSA-2004:031",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-031.html"
},
{
"name": "oval:org.mitre.oval:def:804",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A804"
},
{
"name": "DSA-426",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-426"
},
{
"name": "netpbm-temp-insecure-file(14874)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14874"
},
{
"name": "oval:org.mitre.oval:def:810",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A810"
},
{
"name": "GLSA-200410-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml"
},
{
"name": "9442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9442"
},
{
"name": "RHSA-2004:030",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-030.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0924",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-11-04T00:00:00",
"dateUpdated": "2024-08-08T02:12:34.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3632
Vulnerability from cvelistv5
Published
2005-11-21 22:00
Modified
2024-08-07 23:17
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "RHSA-2005:843",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-843.html"
},
{
"name": "17544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17544"
},
{
"name": "15514",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15514"
},
{
"name": "oval:org.mitre.oval:def:11165",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11165"
},
{
"name": "ADV-2005-2418",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2418"
},
{
"name": "MDKSA-2005:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:217"
},
{
"name": "17679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17679"
},
{
"name": "17828",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17828"
},
{
"name": "18186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18186"
},
{
"name": "17671",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17671"
},
{
"name": "USN-218-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/218-1/"
},
{
"name": "DSA-904",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "RHSA-2005:843",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-843.html"
},
{
"name": "17544",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17544"
},
{
"name": "15514",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15514"
},
{
"name": "oval:org.mitre.oval:def:11165",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11165"
},
{
"name": "ADV-2005-2418",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2418"
},
{
"name": "MDKSA-2005:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:217"
},
{
"name": "17679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17679"
},
{
"name": "17828",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17828"
},
{
"name": "18186",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18186"
},
{
"name": "17671",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17671"
},
{
"name": "USN-218-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/218-1/"
},
{
"name": "DSA-904",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-904"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-3632",
"datePublished": "2005-11-21T22:00:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0554
Vulnerability from cvelistv5
Published
2008-02-08 01:00
Modified
2024-08-07 07:46
Severity ?
EPSS score ?
Summary
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-665-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-665-1"
},
{
"name": "27682",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27682"
},
{
"name": "RHSA-2008:0131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0131.html"
},
{
"name": "oval:org.mitre.oval:def:10975",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464056"
},
{
"name": "29079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29079"
},
{
"name": "MDVSA-2008:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:039"
},
{
"name": "1019358",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019358"
},
{
"name": "32607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32607"
},
{
"name": "30280",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30280"
},
{
"name": "ADV-2008-0460",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0460"
},
{
"name": "DSA-1579",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-665-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-665-1"
},
{
"name": "27682",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27682"
},
{
"name": "RHSA-2008:0131",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0131.html"
},
{
"name": "oval:org.mitre.oval:def:10975",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464056"
},
{
"name": "29079",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29079"
},
{
"name": "MDVSA-2008:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:039"
},
{
"name": "1019358",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019358"
},
{
"name": "32607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32607"
},
{
"name": "30280",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30280"
},
{
"name": "ADV-2008-0460",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0460"
},
{
"name": "DSA-1579",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.rpath.com/browse/RPL-2216"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-0554",
"datePublished": "2008-02-08T01:00:00",
"dateReserved": "2008-02-01T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2005-10-18 22:02
Modified
2024-11-21 00:00
Severity ?
Summary
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netpbm | netpbm | 10.0 | |
| netpbm | netpbm | 10.1 | |
| netpbm | netpbm | 10.2 | |
| netpbm | netpbm | 10.3 | |
| netpbm | netpbm | 10.4 | |
| netpbm | netpbm | 10.5 | |
| netpbm | netpbm | 10.6 | |
| netpbm | netpbm | 10.7 | |
| netpbm | netpbm | 10.8 | |
| netpbm | netpbm | 10.9 | |
| netpbm | netpbm | 10.10 | |
| netpbm | netpbm | 10.11 | |
| netpbm | netpbm | 10.12 | |
| netpbm | netpbm | 10.13 | |
| netpbm | netpbm | 10.14 | |
| netpbm | netpbm | 10.15 | |
| netpbm | netpbm | 10.16 | |
| netpbm | netpbm | 10.17 | |
| netpbm | netpbm | 10.18 | |
| netpbm | netpbm | 10.19 | |
| netpbm | netpbm | 10.20 | |
| netpbm | netpbm | 10.21 | |
| netpbm | netpbm | 10.22 | |
| netpbm | netpbm | 10.23 | |
| netpbm | netpbm | 10.24 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F79F02C3-950F-4D47-971A-3C1367F1642C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0344253A-AF59-499B-81DF-5494A34B115F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7297482-7D30-484A-8F8D-AFEA2E468725",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93BA3D19-C291-468E-9E4E-E8374AE1BD32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85CF9240-FAEE-4BA2-8374-8B81F738521A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45457716-9219-4A88-A824-B45FA16643D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "93A0526D-918E-4FAE-90AF-2BA49F9D5276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7AD350ED-1327-483A-BF73-02AB9924EDED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "98C11849-BCD4-4982-A779-435669BD668F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C94984E9-22EE-4B24-AFCB-52137A871117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23B10069-89E1-4E63-BCFF-C210CE3C5655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EC42B061-EB8E-49B4-B041-42B31672C42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAE142A-4F71-4452-8DAD-9D6BA11EBF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "179366EE-D637-4345-8759-81D5E12EFFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "725CFC44-43C8-47FF-9935-FA006B6338FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3A331F93-08C2-4F45-98AD-46DBE38A9785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFB0157-CF91-4FCB-8786-4024595B3EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.17:*:*:*:*:*:*:*",
"matchCriteriaId": "92045C29-20B4-46D0-9643-491BB0642D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.18:*:*:*:*:*:*:*",
"matchCriteriaId": "148A51ED-1A00-45D3-934E-96CA2759F5A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.19:*:*:*:*:*:*:*",
"matchCriteriaId": "77BE0692-E688-4438-98C7-FA1FCE05F41C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "1904CB89-F576-4DFF-9639-9263D0ADE0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.21:*:*:*:*:*:*:*",
"matchCriteriaId": "50D11F39-3B4F-43E4-AC5E-E1B5931BCBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.22:*:*:*:*:*:*:*",
"matchCriteriaId": "97023E9B-520D-4E6F-BA7F-052BA89BF2E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.23:*:*:*:*:*:*:*",
"matchCriteriaId": "93A152B4-8483-4874-88C0-4679831BB60E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBAE4A7-B0E1-4E50-8775-CAEF3E49B7EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack."
}
],
"id": "CVE-2005-2978",
"lastModified": "2024-11-21T00:00:51.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-18T22:02:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17221"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17222"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17256"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17265"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17282"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17357"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1015071"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-878"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-18.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-793.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/15128"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2005/2133"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168278"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10135"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/210-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-793.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/210-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-02-17 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netpbm:netpbm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "739F589E-8507-4D16-95A3-31270D1FD557",
"versionEndIncluding": "9.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files."
},
{
"lang": "es",
"value": "netpbm 2:9.25 y anteriores no crea adecuadamente ficheros temporales, lo que permite a usuarios locales sobreescribir ficheros arbitrarios."
}
],
"id": "CVE-2003-0924",
"lastModified": "2024-11-20T23:45:47.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-02-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-426"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/487102"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-030.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-031.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9442"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14874"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A804"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2004/dsa-426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/487102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A810"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-22 22:06
Modified
2024-11-21 00:12
Severity ?
Summary
Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "9F97984A-04F4-4F69-B03B-D06FD0F21EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.31:*:*:*:*:*:*:*",
"matchCriteriaId": "53FB010A-9B82-41F9-9DDB-4DCC0BFA0365",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.32:*:*:*:*:*:*:*",
"matchCriteriaId": "07292430-0952-4E40-9012-1DD5709D2F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.33:*:*:*:*:*:*:*",
"matchCriteriaId": "019C4B30-4F04-4068-80B1-884F9607EC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en pamtofits de NetPBM v10.30 hasta 10.33, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o ejecutar c\u00f3digo de su elecci\u00f3n en el ensamblado de la cabecera, relacionado posiblemente con un error de superaci\u00f3n de l\u00edmite."
}
],
"id": "CVE-2006-3145",
"lastModified": "2024-11-21T00:12:54.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-22T22:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20729"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20775"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=425770"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18525"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2006/0037"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2449"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=425770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27244"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue did not affect the versions of NetPBM distributed with Red Hat Enterprise Linux 2.1, 3, or 4.",
"lastModified": "2006-08-30T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-08 02:00
Modified
2024-11-21 00:42
Severity ?
Summary
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netpbm:netpbm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CCFE3C4-89EC-4BCF-9DB8-02586857C1D4",
"versionEndIncluding": "10.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484."
},
{
"lang": "es",
"value": "Desbordamiento de Buffer en la funci\u00f3n readImageData en giftopnm.c de netpbm en versiones anteriores a 10.27 y de netpbm en versiones anteriores a 10.27 permite a atacantes remotos con la intervenci\u00f3n del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de im\u00e1genes GIF manipuladas, similar a CVE-2006-4484."
}
],
"id": "CVE-2008-0554",
"lastModified": "2024-11-21T00:42:22.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-08T02:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464056"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29079"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30280"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32607"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-665-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2008/dsa-1579"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:039"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0131.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/27682"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1019358"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/0460"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-2216"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-665-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0131.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-2216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10975"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-05 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netpbm:netpbm:2.10.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E21F0D2D-880B-44DA-BEF0-704CD7AE0B87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pstopnm in netpbm does not properly use the \"-dSAFER\" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands."
},
{
"lang": "es",
"value": "pstopnm en netpbm no usa adecuadamente la opci\u00f3n \"-dSAFER\" (cuando llama a Ghostscript para convertir un archivo PostScript en un pbm, pgm o pnm), lo que permite que atacantes remotos con la intervenci\u00f3n del usuario puedan ejecutar comandos arbitrarios."
}
],
"id": "CVE-2005-2471",
"lastModified": "2024-11-20T23:59:37.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16184"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18330"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19436"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014752"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1021"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/18253"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-743.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14379"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0038/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21500"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_19_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/18253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-743.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0038/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11645"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-31 00:00
Modified
2024-11-21 00:52
Severity ?
Summary
pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netpbm:netpbm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82963CDA-0BC3-4B7C-A4E8-4DE594791817",
"versionEndIncluding": "10.35.47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A0FA58E-ED6E-428A-919B-385CADF04C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E377CD47-B4F8-49B0-B894-C7D0D9428897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4C517BF8-DA92-4700-BEBE-EE07E86E4E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D633B098-9979-4D81-9122-A1A23B31C4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0EF35F07-D445-42C4-BB9B-261A20FF4BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58D13E0B-00CB-483D-8443-A400E62218DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9661931F-2DCF-41CE-952C-BE4AC2C9FBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "12F335C6-5A79-4550-8A7B-6913F5391FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "35005AEB-02F1-46D7-8C15-C3F1D728B14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CC050899-40B9-41BE-B69D-97F3C40E9109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4940BA3B-51B3-42E8-AD3B-35920EEE1868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "16A77FB0-4E73-4E7D-8500-2E83931ADD33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3D46BFA3-70FB-4841-A2E5-AF8C066020CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BBB0710E-96B4-4533-89DA-92FED546643B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F63560-A91B-4414-9EAB-42D4BBD68A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "53BA729C-B453-4B78-BFA9-FB653A22E25F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "92E5C04B-55C9-4809-915D-E7F3E4FD711B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0465F083-78C3-4A07-9BFE-AAFA5861B3A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B9FED947-5586-420F-9F4E-1DB54EF7FADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.15:*:*:*:*:*:*:*",
"matchCriteriaId": "AD91C8C5-1248-4B6F-895A-DE8971B335B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.16:*:*:*:*:*:*:*",
"matchCriteriaId": "9268261C-3E8B-49F8-A078-A034B062C904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0F81484A-5277-4825-86B1-2C0B60442FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.18:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF598EC-4646-49DC-96F2-507FDF1288A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3866AE-D4E2-450E-838C-FC4C3E2BAB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F53F73-F07D-48A3-B19F-BE0A10BC15A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "610A654F-2779-4EDB-B3BF-6BB4E60A1B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F72046EA-E4D7-42B5-8A5E-E0719D30A063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.23:*:*:*:*:*:*:*",
"matchCriteriaId": "16AE315C-30D3-4FEA-A5A0-00040487E8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0D5D0B01-B60C-4312-8D23-9DD1A527CD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.25:*:*:*:*:*:*:*",
"matchCriteriaId": "6A171D13-7A7E-4064-BF96-E99294016AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F79F02C3-950F-4D47-971A-3C1367F1642C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0344253A-AF59-499B-81DF-5494A34B115F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7297482-7D30-484A-8F8D-AFEA2E468725",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93BA3D19-C291-468E-9E4E-E8374AE1BD32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85CF9240-FAEE-4BA2-8374-8B81F738521A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45457716-9219-4A88-A824-B45FA16643D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "93A0526D-918E-4FAE-90AF-2BA49F9D5276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7AD350ED-1327-483A-BF73-02AB9924EDED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "98C11849-BCD4-4982-A779-435669BD668F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C94984E9-22EE-4B24-AFCB-52137A871117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23B10069-89E1-4E63-BCFF-C210CE3C5655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAE142A-4F71-4452-8DAD-9D6BA11EBF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "179366EE-D637-4345-8759-81D5E12EFFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "725CFC44-43C8-47FF-9935-FA006B6338FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3A331F93-08C2-4F45-98AD-46DBE38A9785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFB0157-CF91-4FCB-8786-4024595B3EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.17:*:*:*:*:*:*:*",
"matchCriteriaId": "92045C29-20B4-46D0-9643-491BB0642D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.18:*:*:*:*:*:*:*",
"matchCriteriaId": "148A51ED-1A00-45D3-934E-96CA2759F5A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.19:*:*:*:*:*:*:*",
"matchCriteriaId": "77BE0692-E688-4438-98C7-FA1FCE05F41C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "1904CB89-F576-4DFF-9639-9263D0ADE0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.21:*:*:*:*:*:*:*",
"matchCriteriaId": "50D11F39-3B4F-43E4-AC5E-E1B5931BCBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.22:*:*:*:*:*:*:*",
"matchCriteriaId": "97023E9B-520D-4E6F-BA7F-052BA89BF2E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.23:*:*:*:*:*:*:*",
"matchCriteriaId": "93A152B4-8483-4874-88C0-4679831BB60E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBAE4A7-B0E1-4E50-8775-CAEF3E49B7EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "CDE78BA1-4001-4676-8BCB-FBC081A5D733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "FF606C17-AD8A-4D81-AB55-50B0C4B7763F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.27:*:*:*:*:*:*:*",
"matchCriteriaId": "906047FD-1D75-4F97-977D-2A22A1DC87B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.28:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA92693-6629-4A8D-9C54-418569C852F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.29:*:*:*:*:*:*:*",
"matchCriteriaId": "F078E1C6-3FB7-415B-A49A-455BE55148B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "9F97984A-04F4-4F69-B03B-D06FD0F21EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.31:*:*:*:*:*:*:*",
"matchCriteriaId": "53FB010A-9B82-41F9-9DDB-4DCC0BFA0365",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.32:*:*:*:*:*:*:*",
"matchCriteriaId": "07292430-0952-4E40-9012-1DD5709D2F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.33:*:*:*:*:*:*:*",
"matchCriteriaId": "019C4B30-4F04-4068-80B1-884F9607EC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F74038FE-C361-415B-AC47-744D3792E707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.00:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6B8C20-2603-4BC6-A9C5-363E45B86492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.01:*:*:*:*:*:*:*",
"matchCriteriaId": "16998237-B53D-4E6C-B2E7-3C17BE483780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.02:*:*:*:*:*:*:*",
"matchCriteriaId": "4998E602-7E72-4ED9-806F-2DF117827F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.03:*:*:*:*:*:*:*",
"matchCriteriaId": "5A01D9E5-14BD-416D-8363-278FBA991BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.04:*:*:*:*:*:*:*",
"matchCriteriaId": "59B55BD5-0E1C-4A13-965C-BAFBE480C384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.05:*:*:*:*:*:*:*",
"matchCriteriaId": "EC498C66-4E32-4E4B-9BB0-3943CB963BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.06:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4F989C-B9AF-4A0D-A39E-A9405E38229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.07:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCC7D4D-09B1-4063-9FE8-F88032B91FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.08:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF8AB55-8A95-47CD-960A-E9A920632B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.09:*:*:*:*:*:*:*",
"matchCriteriaId": "FB45C9DA-9503-4F5C-8079-0C47E778EAB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3B1D6ABC-D56F-4484-90D0-45CD3E7B682C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B48121BF-EDA1-4EAD-B24B-7BAF6668D4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9E079966-8423-4638-8A55-BC9F2412D4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE5E653-3B78-4DCE-9FE8-1126FC18D8B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D339F6D7-9E9A-46C2-9823-E534F3BEBDC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.15:*:*:*:*:*:*:*",
"matchCriteriaId": "A829E428-77AA-4B8F-B4E6-BB89F0054F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A6470755-BE74-49FB-B4C7-6869FB33A096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7FEFA0BB-1542-4A88-BC95-A60AAEF90D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.18:*:*:*:*:*:*:*",
"matchCriteriaId": "090C90E2-D688-44C2-88D7-E40F7D919FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.19:*:*:*:*:*:*:*",
"matchCriteriaId": "675512A2-6E2A-46BA-9237-114B4EA6248F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.20:*:*:*:*:*:*:*",
"matchCriteriaId": "185FF47F-321E-4D26-893D-BB4F4B532670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B402DB46-6103-4428-B6BF-9263D9270EE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.22:*:*:*:*:*:*:*",
"matchCriteriaId": "599D4BAC-1266-4A30-A4C5-4BA13EC47F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.23:*:*:*:*:*:*:*",
"matchCriteriaId": "23241E2B-21B9-4C97-B865-5C3652C27401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A40DC0-AE35-4597-8A55-D5022289435E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.25:*:*:*:*:*:*:*",
"matchCriteriaId": "C12B85A1-5607-4037-A362-0270EF710514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.26:*:*:*:*:*:*:*",
"matchCriteriaId": "03B39A1A-DC18-413E-A869-9D6C7C77BF8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.27:*:*:*:*:*:*:*",
"matchCriteriaId": "4F62F30D-F8D9-4B47-9CFC-8F54B3F589C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.28:*:*:*:*:*:*:*",
"matchCriteriaId": "89B0ACB2-FE13-4145-8EAE-9D6FB7FEDD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.29:*:*:*:*:*:*:*",
"matchCriteriaId": "0253F8B8-346C-40F0-9225-4593EAF39861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.30:*:*:*:*:*:*:*",
"matchCriteriaId": "2411D682-BEB2-41E0-B211-4E8EA0E551C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.31:*:*:*:*:*:*:*",
"matchCriteriaId": "97036446-8A06-4AB6-842B-2186A88FBB1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.32:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9F56AC-906E-4713-83ED-79A8673F59BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.33:*:*:*:*:*:*:*",
"matchCriteriaId": "A77A17C7-C323-4182-A099-BB3E92BF12D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.34:*:*:*:*:*:*:*",
"matchCriteriaId": "82DB51EA-A050-417A-8603-97BD33ACB9B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.35:*:*:*:*:*:*:*",
"matchCriteriaId": "48468D84-76E9-476D-8470-3950C8281118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.36:*:*:*:*:*:*:*",
"matchCriteriaId": "7472AD57-68B3-43BE-95D4-F21D39708A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.37:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA0C21F-DB95-43D9-B7B2-B076043828E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.38:*:*:*:*:*:*:*",
"matchCriteriaId": "3658F6EA-E897-4A24-AD82-F3EBD4567D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.39:*:*:*:*:*:*:*",
"matchCriteriaId": "F887C654-43D9-4374-88D8-DCA800B7F449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.40:*:*:*:*:*:*:*",
"matchCriteriaId": "34001491-58AD-4F6C-9159-C27671EA1574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.41:*:*:*:*:*:*:*",
"matchCriteriaId": "347D3197-1915-4417-B72D-0C23BEFBAA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.42:*:*:*:*:*:*:*",
"matchCriteriaId": "0256E7B3-E119-41A4-B49D-4C08D364C22C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.43:*:*:*:*:*:*:*",
"matchCriteriaId": "2EA3DD4D-28E0-4266-9024-A4DFF832512E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.44:*:*:*:*:*:*:*",
"matchCriteriaId": "02FAFCFB-0D3F-4906-ADCE-BF7F06167692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.45:*:*:*:*:*:*:*",
"matchCriteriaId": "EB184F25-C4ED-4655-B79D-6B00E22F9097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.46:*:*:*:*:*:*:*",
"matchCriteriaId": "43FC34D4-576B-46D6-B13C-EE17C0A5AAE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read."
},
{
"lang": "es",
"value": "pamperspective en Netpbm anterior a v10.35.48 no calcula correctamente la altura de una ventana, lo que permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante una archivo de imagen manipulado que dispara una lectura fuera de los l\u00edmites."
}
],
"id": "CVE-2008-4799",
"lastModified": "2024-11-21T00:52:35.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-10-31T00:00:00.717",
"references": [
{
"source": "cve@mitre.org",
"url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/22/7"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31871"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46054"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00058.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/22/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/10/23/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00058.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00069.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue can only cause pamperspective to crash when used on specially crafted messages. We do not consider this to be a security issue.",
"lastModified": "2008-10-31T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-31 05:00
Modified
2024-11-20 23:44
Severity ?
Summary
Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netpbm:netpbm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40D0342E-E5B3-4E4A-ABDE-F2B9A5B0828A",
"versionEndIncluding": "9.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via \"maths overflow errors\" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows."
}
],
"id": "CVE-2003-0146",
"lastModified": "2024-11-20T23:44:05.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000656"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104644687816522\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-263"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/630433"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-060.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6979"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104644687816522\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/630433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11463"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-12 21:30
Modified
2024-11-21 01:09
Severity ?
Summary
Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F79F02C3-950F-4D47-971A-3C1367F1642C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0344253A-AF59-499B-81DF-5494A34B115F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7297482-7D30-484A-8F8D-AFEA2E468725",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "93BA3D19-C291-468E-9E4E-E8374AE1BD32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "85CF9240-FAEE-4BA2-8374-8B81F738521A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45457716-9219-4A88-A824-B45FA16643D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "93A0526D-918E-4FAE-90AF-2BA49F9D5276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7AD350ED-1327-483A-BF73-02AB9924EDED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "98C11849-BCD4-4982-A779-435669BD668F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C94984E9-22EE-4B24-AFCB-52137A871117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "23B10069-89E1-4E63-BCFF-C210CE3C5655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EC42B061-EB8E-49B4-B041-42B31672C42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAE142A-4F71-4452-8DAD-9D6BA11EBF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "179366EE-D637-4345-8759-81D5E12EFFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "725CFC44-43C8-47FF-9935-FA006B6338FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3A331F93-08C2-4F45-98AD-46DBE38A9785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFB0157-CF91-4FCB-8786-4024595B3EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.17:*:*:*:*:*:*:*",
"matchCriteriaId": "92045C29-20B4-46D0-9643-491BB0642D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.18:*:*:*:*:*:*:*",
"matchCriteriaId": "148A51ED-1A00-45D3-934E-96CA2759F5A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.19:*:*:*:*:*:*:*",
"matchCriteriaId": "77BE0692-E688-4438-98C7-FA1FCE05F41C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "1904CB89-F576-4DFF-9639-9263D0ADE0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.21:*:*:*:*:*:*:*",
"matchCriteriaId": "50D11F39-3B4F-43E4-AC5E-E1B5931BCBB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.22:*:*:*:*:*:*:*",
"matchCriteriaId": "97023E9B-520D-4E6F-BA7F-052BA89BF2E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.23:*:*:*:*:*:*:*",
"matchCriteriaId": "93A152B4-8483-4874-88C0-4679831BB60E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBAE4A7-B0E1-4E50-8775-CAEF3E49B7EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.25:*:*:*:*:*:*:*",
"matchCriteriaId": "CDE78BA1-4001-4676-8BCB-FBC081A5D733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.26:*:*:*:*:*:*:*",
"matchCriteriaId": "FF606C17-AD8A-4D81-AB55-50B0C4B7763F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.27:*:*:*:*:*:*:*",
"matchCriteriaId": "906047FD-1D75-4F97-977D-2A22A1DC87B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.28:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA92693-6629-4A8D-9C54-418569C852F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.29:*:*:*:*:*:*:*",
"matchCriteriaId": "F078E1C6-3FB7-415B-A49A-455BE55148B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "9F97984A-04F4-4F69-B03B-D06FD0F21EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.31:*:*:*:*:*:*:*",
"matchCriteriaId": "53FB010A-9B82-41F9-9DDB-4DCC0BFA0365",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.32:*:*:*:*:*:*:*",
"matchCriteriaId": "07292430-0952-4E40-9012-1DD5709D2F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.33:*:*:*:*:*:*:*",
"matchCriteriaId": "019C4B30-4F04-4068-80B1-884F9607EC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F74038FE-C361-415B-AC47-744D3792E707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.00:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6B8C20-2603-4BC6-A9C5-363E45B86492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.01:*:*:*:*:*:*:*",
"matchCriteriaId": "16998237-B53D-4E6C-B2E7-3C17BE483780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.02:*:*:*:*:*:*:*",
"matchCriteriaId": "4998E602-7E72-4ED9-806F-2DF117827F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.03:*:*:*:*:*:*:*",
"matchCriteriaId": "5A01D9E5-14BD-416D-8363-278FBA991BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.04:*:*:*:*:*:*:*",
"matchCriteriaId": "59B55BD5-0E1C-4A13-965C-BAFBE480C384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.05:*:*:*:*:*:*:*",
"matchCriteriaId": "EC498C66-4E32-4E4B-9BB0-3943CB963BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.06:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4F989C-B9AF-4A0D-A39E-A9405E38229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.07:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCC7D4D-09B1-4063-9FE8-F88032B91FA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.08:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF8AB55-8A95-47CD-960A-E9A920632B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.09:*:*:*:*:*:*:*",
"matchCriteriaId": "FB45C9DA-9503-4F5C-8079-0C47E778EAB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3B1D6ABC-D56F-4484-90D0-45CD3E7B682C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B48121BF-EDA1-4EAD-B24B-7BAF6668D4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9E079966-8423-4638-8A55-BC9F2412D4E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE5E653-3B78-4DCE-9FE8-1126FC18D8B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D339F6D7-9E9A-46C2-9823-E534F3BEBDC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.15:*:*:*:*:*:*:*",
"matchCriteriaId": "A829E428-77AA-4B8F-B4E6-BB89F0054F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.16:*:*:*:*:*:*:*",
"matchCriteriaId": "A6470755-BE74-49FB-B4C7-6869FB33A096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7FEFA0BB-1542-4A88-BC95-A60AAEF90D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.18:*:*:*:*:*:*:*",
"matchCriteriaId": "090C90E2-D688-44C2-88D7-E40F7D919FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.19:*:*:*:*:*:*:*",
"matchCriteriaId": "675512A2-6E2A-46BA-9237-114B4EA6248F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.20:*:*:*:*:*:*:*",
"matchCriteriaId": "185FF47F-321E-4D26-893D-BB4F4B532670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B402DB46-6103-4428-B6BF-9263D9270EE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.22:*:*:*:*:*:*:*",
"matchCriteriaId": "599D4BAC-1266-4A30-A4C5-4BA13EC47F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.23:*:*:*:*:*:*:*",
"matchCriteriaId": "23241E2B-21B9-4C97-B865-5C3652C27401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A40DC0-AE35-4597-8A55-D5022289435E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.25:*:*:*:*:*:*:*",
"matchCriteriaId": "C12B85A1-5607-4037-A362-0270EF710514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.26:*:*:*:*:*:*:*",
"matchCriteriaId": "03B39A1A-DC18-413E-A869-9D6C7C77BF8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.27:*:*:*:*:*:*:*",
"matchCriteriaId": "4F62F30D-F8D9-4B47-9CFC-8F54B3F589C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.28:*:*:*:*:*:*:*",
"matchCriteriaId": "89B0ACB2-FE13-4145-8EAE-9D6FB7FEDD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.29:*:*:*:*:*:*:*",
"matchCriteriaId": "0253F8B8-346C-40F0-9225-4593EAF39861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.30:*:*:*:*:*:*:*",
"matchCriteriaId": "2411D682-BEB2-41E0-B211-4E8EA0E551C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.31:*:*:*:*:*:*:*",
"matchCriteriaId": "97036446-8A06-4AB6-842B-2186A88FBB1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.32:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9F56AC-906E-4713-83ED-79A8673F59BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.33:*:*:*:*:*:*:*",
"matchCriteriaId": "A77A17C7-C323-4182-A099-BB3E92BF12D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.34:*:*:*:*:*:*:*",
"matchCriteriaId": "82DB51EA-A050-417A-8603-97BD33ACB9B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.35:*:*:*:*:*:*:*",
"matchCriteriaId": "48468D84-76E9-476D-8470-3950C8281118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.36:*:*:*:*:*:*:*",
"matchCriteriaId": "7472AD57-68B3-43BE-95D4-F21D39708A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.37:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA0C21F-DB95-43D9-B7B2-B076043828E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.38:*:*:*:*:*:*:*",
"matchCriteriaId": "3658F6EA-E897-4A24-AD82-F3EBD4567D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.39:*:*:*:*:*:*:*",
"matchCriteriaId": "F887C654-43D9-4374-88D8-DCA800B7F449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.40:*:*:*:*:*:*:*",
"matchCriteriaId": "34001491-58AD-4F6C-9159-C27671EA1574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.41:*:*:*:*:*:*:*",
"matchCriteriaId": "347D3197-1915-4417-B72D-0C23BEFBAA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.42:*:*:*:*:*:*:*",
"matchCriteriaId": "0256E7B3-E119-41A4-B49D-4C08D364C22C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.43:*:*:*:*:*:*:*",
"matchCriteriaId": "2EA3DD4D-28E0-4266-9024-A4DFF832512E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.44:*:*:*:*:*:*:*",
"matchCriteriaId": "02FAFCFB-0D3F-4906-ADCE-BF7F06167692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.45:*:*:*:*:*:*:*",
"matchCriteriaId": "EB184F25-C4ED-4655-B79D-6B00E22F9097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.46:*:*:*:*:*:*:*",
"matchCriteriaId": "43FC34D4-576B-46D6-B13C-EE17C0A5AAE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.35.47:*:*:*:*:*:*:*",
"matchCriteriaId": "0618AF8A-0927-45CC-8BF5-93B1083B8147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.36.00:*:*:*:*:*:*:*",
"matchCriteriaId": "4A715086-7459-4E99-8936-49F77323D17C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.37.00:*:*:*:*:*:*:*",
"matchCriteriaId": "979690E7-827E-4131-A3CD-235340A2FC2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.38.00:*:*:*:*:*:*:*",
"matchCriteriaId": "AD21B69B-5500-4130-9603-F46998AC7D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.39.00:*:*:*:*:*:*:*",
"matchCriteriaId": "0E222667-1825-4377-AD6E-5C88979CD5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.40.00:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA2DCC3-007C-4EA4-BD2B-18C776D3CBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.41.00:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A9A4DD-FCE5-4585-97A5-F91120F9F2D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.42.00:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8E6AAC-2DFD-4E6F-BAFA-FC002E7FBF78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.43.00:*:*:*:*:*:*:*",
"matchCriteriaId": "9C739F6A-7DA4-4069-827D-B78DA08E4C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.44.00:*:*:*:*:*:*:*",
"matchCriteriaId": "04BE3C40-8066-4C41-A566-F89236D5F112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.45.00:*:*:*:*:*:*:*",
"matchCriteriaId": "A66AB52D-ECF8-4D0E-906F-7FA1AC41CD84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.46.00:*:*:*:*:*:*:*",
"matchCriteriaId": "C11B4771-81FF-4FA4-AB56-0BD51AFF10D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.00:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E831F-F5FB-487F-9359-A7188C2206BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.01:*:*:*:*:*:*:*",
"matchCriteriaId": "756FB7A1-2FD3-40A6-B992-5D5FF0E6A736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.02:*:*:*:*:*:*:*",
"matchCriteriaId": "51CEA68F-46F0-4795-9839-D961FC1A394F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.03:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6F7C0A-FF13-4C64-B9D3-5E71FCF87813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.04:*:*:*:*:*:*:*",
"matchCriteriaId": "B20DFC28-0489-404A-8783-DCA6157EACCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.05:*:*:*:*:*:*:*",
"matchCriteriaId": "533419D8-A51D-4C51-A898-7E9068722FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.47.06:*:*:*:*:*:*:*",
"matchCriteriaId": "E141EBC6-830D-4ADD-8D03-DB528FF3E117",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en converter/ppm/xpmtoppm.c en netpbm anterior a v10.47.07, permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio(ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo de imagen XPM que contiene un campo de cabecera (header) manipulado asociado con un valor alto del \u00edndice de color."
}
],
"id": "CVE-2009-4274",
"lastModified": "2024-11-21T01:09:17.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-12T21:30:00.533",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch\u0026r1=995\u0026r2=1076\u0026pathrev=1076"
},
{
"source": "secalert@redhat.com",
"url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/38530"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/38915"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2026"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:039"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/02/09/11"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/38164"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0358"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/0780"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=546580"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch\u0026r1=995\u0026r2=1076\u0026pathrev=1076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/02/09/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=546580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56207"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4274\n\nThe Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/",
"lastModified": "2010-02-17T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-21 22:03
Modified
2024-11-21 00:02
Severity ?
Summary
Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F53F73-F07D-48A3-B19F-BE0A10BC15A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "610A654F-2779-4EDB-B3BF-6BB4E60A1B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F72046EA-E4D7-42B5-8A5E-E0719D30A063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.23:*:*:*:*:*:*:*",
"matchCriteriaId": "16AE315C-30D3-4FEA-A5A0-00040487E8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0D5D0B01-B60C-4312-8D23-9DD1A527CD14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:9.25:*:*:*:*:*:*:*",
"matchCriteriaId": "6A171D13-7A7E-4064-BF96-E99294016AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netpbm:netpbm:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F79F02C3-950F-4D47-971A-3C1367F1642C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file."
}
],
"id": "CVE-2005-3632",
"lastModified": "2024-11-21T00:02:18.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-21T22:03:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17544"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17671"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17679"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17828"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/18186"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-904"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:217"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-843.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/15514"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2005/2418"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11165"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/218-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-843.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/218-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}