NetPBM 'xpmtoppm' Converter Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with NetPBM and is prone to Buffer Overflow vulnerability.

Impact

Successful exploitation allows attackers to crash an affected application or execute arbitrary code by tricking a user into converting a malicious image. Impact Level: Application.

Solution

Apply the patch or upgrade to NetPBM 10.47.07 For updates refer to http://sourceforge.net/projects/netpbm/files/ http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076 ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

Insight

The flaw is due a buffer overflow error in the 'converter/ppm/xpmtoppm.c' converter when processing malformed header fields of 'X PixMap' (XPM) image files.

Affected

NetPBM versions prior to 10.47.07

References

http://www.vupen.com/english/advisories/2010/0358
http://xforce.iss.net/xforce/xfdb/56207
https://bugzilla.redhat.com/show_bug.cgi?id=546580

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4274

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Air Buffer Overflow Vulnerability (Windows)
Adobe Photoshop PNG Image Processing Buffer Overflow Vulnerabilities (Mac OS X)
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Mac OS X)
DesignWorks Professional '.cct' File BOF Vulnerability
Asterisk HTTP Manager Buffer Overflow Vulnerability

Take action and discover your vulnerabilities