Executive Summary

Summary
Title: New netpbm-free packages fix denial of service

Information
Name: DSA-2026
Vendor: Debian
First vendor publication: 2010-04-02
Last vendor modification: 2010-04-02
Severity (vendor): N/A
Revision: 1

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS base score: 7.5
CVSS impact score: 6.4
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader implementation in netpbm-free, a suite of image manipulation utilities. An attacker could cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.
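The defect class described above is a header value that is trusted to size or index a fixed-size buffer. The following is an added illustration of the check that prevents it, written for this page and not taken from netpbm-free; the XPM3 values line format ("width height ncolors chars_per_pixel") is real, while the limits XPM_MAX_COLORS, XPM_MAX_DIM and XPM_MAX_CPP and the function names are assumptions chosen for the example.

```c
#include <errno.h>
#include <stdlib.h>

/* Illustrative XPM3 values-line handling, not netpbm's code. The header line
 * reads "<width> <height> <ncolors> <chars_per_pixel>"; ncolors sizes the
 * colour table that pixel codes later index into, so it must be bounded. */

#define XPM_MAX_COLORS 256        /* assumed fixed-size colour table */
#define XPM_MAX_DIM    (1L << 16) /* assumed sanity limit on width/height */
#define XPM_MAX_CPP    4          /* assumed cap on chars per pixel */

typedef struct {
    long width, height, ncolors, cpp;
} XpmValues;

/* Parse one decimal field in [0, max]; returns 0 on success, -1 otherwise. */
static int parse_field(const char **p, long *out, long max)
{
    char *end;
    errno = 0;
    long v = strtol(*p, &end, 10);
    if (end == *p || errno == ERANGE || v < 0 || v > max)
        return -1;
    *out = v;
    *p = end;
    return 0;
}

/* Hardened parse: every field is range-checked before it may size or index
 * anything. Returns 0 on accept, -1 on reject. */
int xpm_parse_values(const char *line, XpmValues *v)
{
    const char *p = line;
    if (parse_field(&p, &v->width,   XPM_MAX_DIM)    ||
        parse_field(&p, &v->height,  XPM_MAX_DIM)    ||
        parse_field(&p, &v->ncolors, XPM_MAX_COLORS) ||
        parse_field(&p, &v->cpp,     XPM_MAX_CPP))
        return -1;
    /* An empty colour table or zero-width pixel codes cannot be decoded. */
    return (v->ncolors == 0 || v->cpp == 0) ? -1 : 0;
}

/* A pixel's colour-table index is valid only if the header declared it;
 * this is the bound a fixed-size table needs before any lookup. */
int xpm_color_index_ok(const XpmValues *v, long index)
{
    return index >= 0 && index < v->ncolors;
}
```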



For the stable distribution (lenny), this problem has been fixed in version 2:10.0-12+lenny1.

For the testing distribution (squeeze), this problem has been fixed in version 2:10.0-12.1+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.



Due to a problem with the archive system it is not possible to release all architectures. The missing architectures will be installed into the archive once they become available.

We recommend that you upgrade your netpbm-free package.

Original Source

URL: http://www.debian.org/security/2010/dsa-2026

CWE : Common Weakness Enumeration

ID: CWE-119
Name: Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type: Application
Count: 101

OpenVAS Exploits

Date        Name / File
2012-07-30  CentOS Update for netpbm CESA-2011:1811 centos4 x86_64
            File: nvt/gb_CESA-2011_1811_netpbm_centos4_x86_64.nasl
2012-07-30  CentOS Update for netpbm CESA-2011:1811 centos5 x86_64
            File: nvt/gb_CESA-2011_1811_netpbm_centos5_x86_64.nasl
2011-12-16  RedHat Update for netpbm RHSA-2011:1811-01
            File: nvt/gb_RHSA-2011_1811-01_netpbm.nasl
2011-12-16  CentOS Update for netpbm CESA-2011:1811 centos4 i386
            File: nvt/gb_CESA-2011_1811_netpbm_centos4_i386.nasl
2011-12-16  CentOS Update for netpbm CESA-2011:1811 centos5 i386
            File: nvt/gb_CESA-2011_1811_netpbm_centos5_i386.nasl
2010-04-30  Ubuntu Update for netpbm-free vulnerability USN-934-1
            File: nvt/gb_ubuntu_USN_934_1.nasl
2010-02-19  Mandriva Update for netpbm MDVSA-2010:039 (netpbm)
            File: nvt/gb_mandriva_MDVSA_2010_039.nasl
2010-02-17  NetPBM 'xpmtoppm' Converter Buffer Overflow Vulnerability
            File: nvt/gb_netpbm_xpmtoppm_bof_vuln.nasl
2010-01-22  Mandriva Update for dbus-glib MDVA-2010:039 (dbus-glib)
            File: nvt/gb_mandriva_MDVA_2010_039.nasl

Open Source Vulnerability Database (OSVDB)

ID: 62270
Description: NetPBM xpmtoppm XPM File Handling Overflow

Nessus® Vulnerability Scanner

Date        Name / File
2013-11-13  The remote Gentoo host is missing one or more security-related patches.
            File: gentoo_GLSA-201311-08.nasl - Type: ACT_GATHER_INFO
2013-07-12  The remote Oracle Linux host is missing one or more security updates.
            File: oraclelinux_ELSA-2011-1811.nasl - Type: ACT_GATHER_INFO
2012-08-01  The remote Scientific Linux host is missing one or more security updates.
            File: sl_20111212_netpbm_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2011-12-13  The remote CentOS host is missing one or more security updates.
            File: centos_RHSA-2011-1811.nasl - Type: ACT_GATHER_INFO
2011-12-13  The remote Red Hat host is missing one or more security updates.
            File: redhat-RHSA-2011-1811.nasl - Type: ACT_GATHER_INFO
2010-10-11  The remote SuSE 10 host is missing a security-related patch.
            File: suse_libnetpbm-6852.nasl - Type: ACT_GATHER_INFO
2010-04-30  The remote Ubuntu host is missing one or more security-related patches.
            File: ubuntu_USN-934-1.nasl - Type: ACT_GATHER_INFO
2010-04-03  The remote Debian host is missing a security-related update.
            File: debian_DSA-2026.nasl - Type: ACT_GATHER_INFO
2010-03-08  The remote SuSE 11 host is missing one or more security updates.
            File: suse_11_libnetpbm-devel-100216.nasl - Type: ACT_GATHER_INFO
2010-03-08  The remote SuSE 10 host is missing a security-related patch.
            File: suse_libnetpbm-6851.nasl - Type: ACT_GATHER_INFO
2010-03-08  The remote SuSE system is missing a security patch for libnetpbm-devel
            File: suse_11_2_libnetpbm-devel-100216.nasl - Type: ACT_GATHER_INFO
2010-03-08  The remote SuSE 9 host is missing a security-related patch.
            File: suse9_12588.nasl - Type: ACT_GATHER_INFO
2010-03-08  The remote SuSE system is missing a security patch for libnetpbm-devel
            File: suse_11_1_libnetpbm-devel-100216.nasl - Type: ACT_GATHER_INFO
2010-03-08  The remote SuSE system is missing a security patch for libnetpbm-devel
            File: suse_11_0_libnetpbm-devel-100216.nasl - Type: ACT_GATHER_INFO
2010-02-18  The remote Mandriva Linux host is missing one or more security updates.
            File: mandriva_MDVSA-2010-039.nasl - Type: ACT_GATHER_INFO

Alert History

Date                  Information
2014-02-17 11:29:21   Multiple Updates