Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Debian DSA-2026-1: Critical Netpbm Buffer Overflow Denial Of Service

debian
Calendar Grey April 2, 2010
Scroller Debian
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------
Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader implementation in netpbm-free, a suite of image manipulation utilities

Summary


Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader
implementation in netpbm-free, a suite of image manipulation utilities.
An attacker could cause a denial of service (application crash) or possibly
execute arbitrary code via an XPM image file that contains a crafted header
field associated with a large color index value.


For the stable distribution (lenny), this problem has been fixed in
version 2:10.0-12+lenny1.

For the testing distribution (squeeze), this problem has been fixed in
version 2:10.0-12.1+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.


Due to a problem with the archive system it is not possible to release
all architectures. The missing architectures will be installed into the
archive once they become available.

We recommend that you upgrade your netpbm-free package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: netpbm-free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.