Revision Date: | 2005-12-20 | Version: | 502 |
Title: | RHSA-2005:843: netpbm security update (Moderate) |
Description: | The netpbm package contains a library of functions that support programs for handling various graphics file formats.
A stack-based buffer overflow bug was found in the way netpbm converts Portable Anymap (PNM) files into Portable Network Graphics (PNG). A specially crafted PNM file could allow an attacker to execute arbitrary code when the file is converted to a PNG file using pnmtopng with the '-text' option. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3632 to this issue.
An "off by one" bug was found in the way netpbm converts Portable Anymap (PNM) files into Portable Network Graphics (PNG). If a victim attempts to convert a specially crafted 256-color PNM file to a PNG file, the pnmtopng utility can crash. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3662 to this issue.
All users of netpbm should upgrade to these updated packages, which contain backported patches that resolve these issues.
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | CVE-2005-3632 CVE-2005-3662 RHSA-2005:843-01
|
Platform(s): | Red Hat Enterprise Linux 3
| Product(s): | |
Definition Synopsis |
Red Hat Enterprise Linux 3 is installed
AND Package Information
    netpbm is earlier than 0:9.24-11.30.4
        AND netpbm is signed with Red Hat master key
    OR
    netpbm-devel is earlier than 0:9.24-11.30.4
        AND netpbm-devel is signed with Red Hat master key
    OR
    netpbm-progs is earlier than 0:9.24-11.30.4
        AND netpbm-progs is signed with Red Hat master key
|