NetPBM 'xpmtoppm' Converter Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with NetPBM and is prone to Buffer Overflow vulnerability.

Impact

Successful exploitation allows attackers to crash an affected application or execute arbitrary code by tricking a user into converting a malicious image. Impact Level: Application.

Solution

Apply the patch or upgrade to NetPBM 10.47.07 For updates refer to http://sourceforge.net/projects/netpbm/files/ http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076 ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

Insight

The flaw is due a buffer overflow error in the 'converter/ppm/xpmtoppm.c' converter when processing malformed header fields of 'X PixMap' (XPM) image files.

Affected

NetPBM versions prior to 10.47.07

References

http://www.vupen.com/english/advisories/2010/0358
http://xforce.iss.net/xforce/xfdb/56207
https://bugzilla.redhat.com/show_bug.cgi?id=546580

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4274
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple iTunes '.pls' Files Buffer Overflow Vulnerability
ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities
ChaSen Buffer Overflow Vulnerability (Windows)
Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities
Citrix Provisioning Services SoapServer Buffer Overflow Vulnerability

Take action and discover your vulnerabilities