Vulnerability Name: CVE-2005-3632 (CCN-23163)

Assigned: 2005-11-12
Published: 2005-11-12
Updated: 2018-10-03
Summary: Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
CVSS v2 Severity: 4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: CCN
Type: Neohapsis Archives Full Disclosure Message #0664
[USN-218-1] netpbm vulnerabilities

Source: MITRE
Type: CNA
CVE-2005-3632

Source: CCN
Type: Netpbm Web site
Netpbm home page

Source: CCN
Type: RHSA-2005-843
netpbm security update

Source: CCN
Type: SA17544
Pnmtopng "alphas_of_color" and "read_text" Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
17544

Source: SECUNIA
Type: UNKNOWN
17671

Source: SECUNIA
Type: UNKNOWN
17679

Source: SECUNIA
Type: UNKNOWN
17828

Source: SECUNIA
Type: UNKNOWN
18186

Source: CCN
Type: SourceForge.net
PNG and MNG/JNG image formats: home site

Source: CCN
Type: ASA-2006-006
netpbm security update (RHSA-2005-843)

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-904

Source: DEBIAN
Type: DSA-904
netpbm-free -- buffer overflows

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:217

Source: SUSE
Type: UNKNOWN
SUSE-SR:2005:028

Source: REDHAT
Type: UNKNOWN
RHSA-2005:843

Source: BID
Type: UNKNOWN
15514

Source: CCN
Type: BID-15514
NetPBM PNMToPNG Long Text Line Buffer Overflow Vulnerability

Source: CCN
Type: USN-218-1
netpbm vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2005-2418

Source: XF
Type: UNKNOWN
pnmtopng-text-bo(23163)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11165

Source: UBUNTU
Type: UNKNOWN
USN-218-1

Source: SUSE
Type: SUSE-SR:2005:028
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:netpbm:netpbm:9.20:*:*:*:*:*:*:*
  • OR cpe:/a:netpbm:netpbm:9.21:*:*:*:*:*:*:*
  • OR cpe:/a:netpbm:netpbm:9.22:*:*:*:*:*:*:*
  • OR cpe:/a:netpbm:netpbm:9.23:*:*:*:*:*:*:*
  • OR cpe:/a:netpbm:netpbm:9.24:*:*:*:*:*:*:*
  • OR cpe:/a:netpbm:netpbm:9.25:*:*:*:*:*:*:*
  • OR cpe:/a:netpbm:netpbm:10.0:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20053632 | V | CVE-2005-3632 | 2015-11-16
oval:org.mitre.oval:def:11165 | V | Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file. | 2013-04-29
oval:com.redhat.rhsa:def:20050843 | P | RHSA-2005:843: netpbm security update (Moderate) | 2005-12-20
oval:org.debian:def:904 | V | buffer overflows | 2005-11-21
    netpbm netpbm 9.20
    netpbm netpbm 9.21
    netpbm netpbm 9.22
    netpbm netpbm 9.23
    netpbm netpbm 9.24
    netpbm netpbm 9.25
    netpbm netpbm 10.0