The netpbm package contains a library of functions that support programs
for handling various graphics file formats.
A stack based buffer overflow bug was found in the way netpbm converts
Portable Anymap (PNM) files into Portable Network Graphics (PNG). A
specially crafted PNM file could allow an attacker to execute arbitrary
code by attempting to convert a PNM file to a PNG file when using pnmtopng
with the ‘-text’ option. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2005-3632 to this issue.
An “off by one” bug was found in the way netpbm converts Portable Anymap
(PNM) files into Portable Network Graphics (PNG). If a victim attempts to
convert a specially crafted 256 color PNM file to a PNG file, then it can
cause the pnmtopng utility to crash. The Common Vulnerabilities and
Exposures project has assigned the name CVE-2005-3662 to this issue.
All users of netpbm should upgrade to these updated packages, which contain
backported patches that resolve these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | s390x | netpbm | < 9.24-11.30.4 | netpbm-9.24-11.30.4.s390x.rpm |
RedHat | any | ia64 | netpbm | < 9.24-9.AS21.6 | netpbm-9.24-9.AS21.6.ia64.rpm |
RedHat | any | ppc | netpbm-devel | < 9.24-11.30.4 | netpbm-devel-9.24-11.30.4.ppc.rpm |
RedHat | any | ppc64 | netpbm | < 9.24-11.30.4 | netpbm-9.24-11.30.4.ppc64.rpm |
RedHat | any | x86_64 | netpbm | < 9.24-11.30.4 | netpbm-9.24-11.30.4.x86_64.rpm |
RedHat | any | i386 | netpbm-devel | < 9.24-11.30.4 | netpbm-devel-9.24-11.30.4.i386.rpm |
RedHat | any | s390 | netpbm-progs | < 9.24-11.30.4 | netpbm-progs-9.24-11.30.4.s390.rpm |
RedHat | any | i386 | netpbm-progs | < 9.24-11.30.4 | netpbm-progs-9.24-11.30.4.i386.rpm |
RedHat | any | ia64 | netpbm-progs | < 9.24-9.AS21.6 | netpbm-progs-9.24-9.AS21.6.ia64.rpm |
RedHat | any | ia64 | netpbm-progs | < 9.24-11.30.4 | netpbm-progs-9.24-11.30.4.ia64.rpm |