Date: Tue, 9 Feb 2010 11:03:11 -0700
From: Vincent Danen <>
Subject: vulnerability in netpbm (CVE-2009-4274)

Marc Schoenefeld discovered a stack-based buffer overflow in the way
that netpbm processed the contents of header files in xpm image files.
This could lead to a crash of the application processing a
specially-crafted xpm file (and linked to netpbm), or possibly to the
execution of arbitrary code with the privileges of the user processing
the xpm file.  This issue is assigned CVE-2009-4274.

The issue was corrected upstream in version 10.47.07 on Dec 29, 2009:


Vincent Danen / Red Hat Security Response Team 
