The netpbm package contains a library of functions that support programs for handling various graphics file formats.
A stack based buffer overflow bug was found in the way netpbm converts Portable Anymap (PNM) files into Portable Network Graphics (PNG). A specially crafted PNM file could allow an attacker to execute arbitrary code by attempting to convert a PNM file to a PNG file when using pnmtopng with the '-text' option. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3632 to this issue.
An "off by one" bug was found in the way netpbm converts Portable Anymap (PNM) files into Portable Network Graphics (PNG). If a victim attempts to convert a specially crafted 256 color PNM file to a PNG file, then it can cause the pnmtopng utility to crash. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3662 to this issue.
All users of netpbm should upgrade to these updated packages, which contain backported patches that resolve these issues.