Vulnerability Name:

CVE-2003-0146 (CCN-11463)

Assigned: 2003-02-28
Published: 2003-02-28
Updated: 2017-07-11
Summary: Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: CCN
Type: BugTraq Mailing List, Fri Feb 28 2003 - 09:10:14 CST
NetPBM, multiple vulnerabilities

Source: MITRE
Type: CNA
CVE-2003-0146

Source: CONECTIVA
Type: UNKNOWN
CLSA-2003:656

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2003:656
netpbm

Source: BUGTRAQ
Type: UNKNOWN
20030228 NetPBM, multiple vulnerabilities

Source: CCN
Type: Netpbm Web site
Netpbm home page

Source: CCN
Type: RHSA-2003-060
Updated NetPBM packages fix multiple vulnerabilities

Source: CCN
Type: RHSA-2003-061
netpbm security update

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-263

Source: DEBIAN
Type: DSA-263
netpbm-free -- math overflow errors

Source: CCN
Type: US-CERT VU#630433
NetPBM contains multiple buffer overflow vulnerabilities

Source: CERT-VN
Type: US Government Resource
VU#630433

Source: REDHAT
Type: UNKNOWN
RHSA-2003:060

Source: BID
Type: UNKNOWN
6979

Source: CCN
Type: BID-6979
Multiple Netpbm Buffer Overflow Vulnerabilities

Source: XF
Type: UNKNOWN
netpbm-multiple-bo(11463)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:netpbm:netpbm:*:*:*:*:*:*:*:* (Version <= 9.20)

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20030146 | V | CVE-2003-0146 | 2015-11-16
oval:org.debian:def:263 | V | math overflow errors | 2003-03-17
    netpbm netpbm *