Date: Tue, 9 Feb 2010 11:03:11 -0700 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Subject: vulnerability in netpbm (CVE-2009-4274) Marc Schoenefeld discovered a stack-based buffer overflow in the way that netpbm processed the contents of header files in xpm image files. This could lead to a crash of the application processing a specially-crafted xpm file (and linked to netpbm), or possibly to the execution of arbitrary code with the privileges of the user processing the xpm file. This issue is assigned CVE-2009-4274. The issue was corrected upstream in version 10.47.07 on Dec 29, 2009: http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076 References: https://bugzilla.redhat.com/show_bug.cgi?id=546580 -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ