Debian DSA-2026-1: Critical Netpbm Buffer Overflow Denial Of Service
debian
April 2, 2010
Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader implementation in netpbm-free, a suite of image manipulation utilities
Topics Covered
Summary
Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader
implementation in netpbm-free, a suite of image manipulation utilities.
An attacker could cause a denial of service (application crash) or possibly
execute arbitrary code via an XPM image file that contains a crafted header
field associated with a large color index value.
For the stable distribution (lenny), this problem has been fixed in
version 2:10.0-12+lenny1.
For the testing distribution (squeeze), this problem has been fixed in
version 2:10.0-12.1+squeeze1.
For the unstable distribution (sid), this problem will be fixed soon.
Due to a problem with the archive system it is not possible to release
all architectures. The missing architectures will be installed into the
archive once they become available.
We recommend that you upgrade your netpbm-free package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: netpbm-free
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!