Executive Summary
| Summary | |
|---|---|
| Title | New netpbm-free packages fix denial of service |
| Information | | | |
|---|---|---|---|
| Name | DSA-2026 | First vendor Publication | 2010-04-02 |
| Vendor | Debian | Last vendor Modification | 2010-04-02 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v2
| CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P) | | | |
|---|---|---|---|
| CVSS Base Score | 7.5 | Attack Range | Network |
| CVSS Impact Score | 6.4 | Attack Complexity | Low |
| CVSS Exploit Score | 10 | Authentication | None Required |
Detail
Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader implementation in netpbm-free, a suite of image manipulation utilities. An attacker could cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.

For the stable distribution (lenny), this problem has been fixed in version 2:10.0-12+lenny1.

For the testing distribution (squeeze), this problem has been fixed in version 2:10.0-12.1+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

Due to a problem with the archive system it is not possible to release all architectures. The missing architectures will be installed into the archive once they become available.

We recommend that you upgrade your netpbm-free package.
Original Source
URL: http://www.debian.org/security/2010/dsa-2026
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 62270 | NetPBM xpmtoppm XPM File Handling Overflow |

DSA-2026
(High)





