
List:       oss-security
Subject:    [oss-security] vulnerability in netpbm (CVE-2009-4274)
From:       Vincent Danen <vdanen () redhat ! com>
Date:       2010-02-09 18:03:11
Message-ID: 20100209180311.GE2377 () redhat ! com

Marc Schoenefeld discovered a stack-based buffer overflow in the way
that netpbm processed the contents of header files in xpm image files.
This could lead to a crash of the application processing a
specially-crafted xpm file (and linked to netpbm), or possibly to the
execution of arbitrary code with the privileges of the user processing
the xpm file.  This issue is assigned CVE-2009-4274.

The issue was corrected upstream in version 10.47.07 on Dec 29, 2009:

http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076


References:

https://bugzilla.redhat.com/show_bug.cgi?id=546580

-- 
Vincent Danen / Red Hat Security Response Team 

