Buffer overflow : NetPBM 'xpmtoppm' Converter Buffer Overflow Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800471

Categoría: Buffer overflow

Título: NetPBM 'xpmtoppm' Converter Buffer Overflow Vulnerability

Resumen: NetPBM is prone to a buffer overflow vulnerability.

Descripción: Summary:
NetPBM is prone to a buffer overflow vulnerability.

Vulnerability Insight:
The flaw is due a buffer overflow error in the 'converter/ppm/xpmtoppm.c'
converter when processing malformed header fields of 'X PixMap' (XPM) image files.

Vulnerability Impact:
Successful exploitation allows attackers to crash an affected application or
execute arbitrary code by tricking a user into converting a malicious image.

Affected Software/OS:
NetPBM versions prior to 10.47.07.

Solution:
Apply the patch or update to NetPBM 10.47.07.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4274
38164
http://www.securityfocus.com/bid/38164
38530
http://secunia.com/advisories/38530
38915
http://secunia.com/advisories/38915
ADV-2010-0358
http://www.vupen.com/english/advisories/2010/0358
ADV-2010-0780
http://www.vupen.com/english/advisories/2010/0780
DSA-2026
http://www.debian.org/security/2010/dsa-2026
MDVSA-2010:039
http://www.mandriva.com/security/advisories?name=MDVSA-2010:039
RHSA-2011:1811
http://www.redhat.com/support/errata/RHSA-2011-1811.html
SUSE-SR:2010:006
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
[oss-security] 20100209 vulnerability in netpbm (CVE-2009-4274)
http://www.openwall.com/lists/oss-security/2010/02/09/11
http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076
http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup
https://bugzilla.redhat.com/show_bug.cgi?id=546580
netpbm-xpm-bo(56207)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56207

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800471
Categoría:	Buffer overflow
Título:	NetPBM 'xpmtoppm' Converter Buffer Overflow Vulnerability
Resumen:	NetPBM is prone to a buffer overflow vulnerability.
Descripción:	Summary: NetPBM is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is due a buffer overflow error in the 'converter/ppm/xpmtoppm.c' converter when processing malformed header fields of 'X PixMap' (XPM) image files. Vulnerability Impact: Successful exploitation allows attackers to crash an affected application or execute arbitrary code by tricking a user into converting a malicious image. Affected Software/OS: NetPBM versions prior to 10.47.07. Solution: Apply the patch or update to NetPBM 10.47.07. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4274 38164 http://www.securityfocus.com/bid/38164 38530 http://secunia.com/advisories/38530 38915 http://secunia.com/advisories/38915 ADV-2010-0358 http://www.vupen.com/english/advisories/2010/0358 ADV-2010-0780 http://www.vupen.com/english/advisories/2010/0780 DSA-2026 http://www.debian.org/security/2010/dsa-2026 MDVSA-2010:039 http://www.mandriva.com/security/advisories?name=MDVSA-2010:039 RHSA-2011:1811 http://www.redhat.com/support/errata/RHSA-2011-1811.html SUSE-SR:2010:006 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html [oss-security] 20100209 vulnerability in netpbm (CVE-2009-4274) http://www.openwall.com/lists/oss-security/2010/02/09/11 http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076 http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup https://bugzilla.redhat.com/show_bug.cgi?id=546580 netpbm-xpm-bo(56207) https://exchange.xforce.ibmcloud.com/vulnerabilities/56207
Copyright	Copyright (C) 2010 Greenbone AG