CVE-2005-3662

2005-11-1802:02:00

CWE-119

redhat

web.nvd.nist.gov

cve-2005-3662

buffer overflow

denial of service

arbitrary code execution

pnmtopng

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.001

Percentile

45.7%

JSON

Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors.

Affected configurations

Nvd

Node

greg_roelofspnmtopngMatch2.37.3

greg_roelofspnmtopngMatch2.37.4

greg_roelofspnmtopngMatch2.37.5

greg_roelofspnmtopngMatch2.37.6

greg_roelofspnmtopngMatch2.38

VendorProductVersionCPE
greg_roelofspnmtopng2.37.3cpe:2.3:a:greg_roelofs:pnmtopng:2.37.3:*:*:*:*:*:*:*
greg_roelofspnmtopng2.37.4cpe:2.3:a:greg_roelofs:pnmtopng:2.37.4:*:*:*:*:*:*:*
greg_roelofspnmtopng2.37.5cpe:2.3:a:greg_roelofs:pnmtopng:2.37.5:*:*:*:*:*:*:*
greg_roelofspnmtopng2.37.6cpe:2.3:a:greg_roelofs:pnmtopng:2.37.6:*:*:*:*:*:*:*
greg_roelofspnmtopng2.38cpe:2.3:a:greg_roelofs:pnmtopng:2.38:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
greg_roelofs	pnmtopng	2.37.3	cpe:2.3:a:greg_roelofs:pnmtopng:2.37.3:::::::*
greg_roelofs	pnmtopng	2.37.4	cpe:2.3:a:greg_roelofs:pnmtopng:2.37.4:::::::*
greg_roelofs	pnmtopng	2.37.5	cpe:2.3:a:greg_roelofs:pnmtopng:2.37.5:::::::*
greg_roelofs	pnmtopng	2.37.6	cpe:2.3:a:greg_roelofs:pnmtopng:2.37.6:::::::*
greg_roelofs	pnmtopng	2.38	cpe:2.3:a:greg_roelofs:pnmtopng:2.38:::::::*