Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 5 Feb 2017 21:42:20 +0800
From: chunibalon <chunibalon@...il.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE-2017-2581, CVE-2017-2579, CVE-2017-2580, CVE-2017-2586,
 CVE-2017-2587: Multiple vulnerabilities in netpbm

Hello:

       There are some issues that found in netpbm super stable branch
10.47.63 and may effect other branches and this mail is to disclose
them(the maintainer agrees with me).

        CVE-2017-2581 netpbm: Out-of-bounds write in writeRasterPbm()
function
       This OOBW issue occurs in bmptopnm and casues by integer overflow.
       This issue can be cause by a malformed BMP file through
bmptopnm.Attackers could exploit this issue to result in DoS and may cause
arbitrary code execution.

        CVE-2017-2579 netpbm: Out-of-bounds read in expandCodeOntoStack()
        This OOBR issue occurs in giftopnm and causes by insufficient check
of value of specific variable.
        This issue can be caused by a malformed GIF file through giftopnm.
Attackers could exploit this issue to result in DoS and might cause
arbitrary code execution.

        CVE-2017-2580 netpbm: Out-of-bounds write of heap data in
addPixelToRaster() function
        This OOBW issues occurs in giftopnm and causes by a improper deal
with a zero-size heap chunk allocation and when malloc() is called it will
be crash by unlink this heap overflow.
        This issue can be caused by a malformed GIF file through giftopnm.
Attackers could exploit this issue to result in DoS and might cause
arbitrary code execution by using some feature of unlink() to arbitrary
anywhere.

        CVE-2017-2586 netpbm: Null pointer dereference in stringToUint
function
        This issue occurs in svgtopam and causes by a NULL pointer passed
to strlen(const char*).
        This issue can be caused by a malformed SVG  file through svgtopam.
Attackers could exploit this issue to result in DoS of the program.


        CVE-2017-2587 netpbm: Insufficient size check of memory allocation
in createCanvas() function
        This issue occurs in svgtopam and causes by handleing memory
allocation improperly.
        This issue can be caused by a malformed SVG file through
svgtopam.Attackers could exploit this issue to result in DoS of the program
and might DoS the OS if the OS do not terminate the program automatically
and timely because of the large allocation of the memory.

       Some of these issues are patched in other branches and all will be
patched in Super Stable branch in March as maintainer said.
       And the maintainer said: "*Anyone who wants a fix before the March
Super Stable release can either upgrade to Stable or backport the
fixes from Stable."*

       These CVE ids are assigned by Redhat Product Security(
secalert@...hat.com).


Best Regards!
chunibalon of VARAS@IIE

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.