Date: Sun, 5 Feb 2017 21:42:20 +0800 From: chunibalon <chunibalon@...il.com> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: CVE-2017-2581, CVE-2017-2579, CVE-2017-2580, CVE-2017-2586, CVE-2017-2587: Multiple vulnerabilities in netpbm Hello: There are some issues that found in netpbm super stable branch 10.47.63 and may effect other branches and this mail is to disclose them(the maintainer agrees with me). CVE-2017-2581 netpbm: Out-of-bounds write in writeRasterPbm() function This OOBW issue occurs in bmptopnm and casues by integer overflow. This issue can be cause by a malformed BMP file through bmptopnm.Attackers could exploit this issue to result in DoS and may cause arbitrary code execution. CVE-2017-2579 netpbm: Out-of-bounds read in expandCodeOntoStack() This OOBR issue occurs in giftopnm and causes by insufficient check of value of specific variable. This issue can be caused by a malformed GIF file through giftopnm. Attackers could exploit this issue to result in DoS and might cause arbitrary code execution. CVE-2017-2580 netpbm: Out-of-bounds write of heap data in addPixelToRaster() function This OOBW issues occurs in giftopnm and causes by a improper deal with a zero-size heap chunk allocation and when malloc() is called it will be crash by unlink this heap overflow. This issue can be caused by a malformed GIF file through giftopnm. Attackers could exploit this issue to result in DoS and might cause arbitrary code execution by using some feature of unlink() to arbitrary anywhere. CVE-2017-2586 netpbm: Null pointer dereference in stringToUint function This issue occurs in svgtopam and causes by a NULL pointer passed to strlen(const char*). This issue can be caused by a malformed SVG file through svgtopam. Attackers could exploit this issue to result in DoS of the program. CVE-2017-2587 netpbm: Insufficient size check of memory allocation in createCanvas() function This issue occurs in svgtopam and causes by handleing memory allocation improperly. This issue can be caused by a malformed SVG file through svgtopam.Attackers could exploit this issue to result in DoS of the program and might DoS the OS if the OS do not terminate the program automatically and timely because of the large allocation of the memory. Some of these issues are patched in other branches and all will be patched in Super Stable branch in March as maintainer said. And the maintainer said: "*Anyone who wants a fix before the March Super Stable release can either upgrade to Stable or backport the fixes from Stable."* These CVE ids are assigned by Redhat Product Security( secalert@...hat.com). Best Regards! chunibalon of VARAS@...
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ