aru Posted November 30, 2005 Share Posted November 30, 2005 Mandriva Advisories MDKSA-2005:217 : netpbm Updated netpbm packages fix pnmtopng vulnerabilities November 30th, 2005 Greg Roelofs discovered and fixed several buffer overflows in pnmtopng which is also included in netpbm, a collection of graphic conversion utilities, that can lead to the execution of arbitrary code via a specially crafted PNM file. Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file. (CVE-2005-3632) An off-by-one buffer overflow in pnmtopng, when using the -alpha command line option, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors. (CVE-2005-3662) The updated packages have been patched to correct this problem. The released versions of Mandriva GNU/Linux affected are: 10.1 CS2.1 CS3.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:217 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3632 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3662 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts