Package name
netpbm
Date
2005-11-30
Advisory ID
MDKSA-2005:217
Affected versions
CS2.1 x86_64, 10.1 i586, CS3.0 x86_64, CS3.0 i586, CS2.1 i586, 10.1 x86_64

Problem description

Greg Roelofs discovered and fixed several buffer overflows in
pnmtopng, which is also included in netpbm, a collection of
graphic conversion utilities. These overflows can lead to the
execution of arbitrary code via a specially crafted PNM file.

Multiple buffer overflows in pnmtopng in netpbm 10.0 and
earlier allow attackers to execute arbitrary code via a
crafted PNM file. (CVE-2005-3632)

An off-by-one buffer overflow in pnmtopng, when using the -alpha
command line option, allows attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a
crafted PNM file with exactly 256 colors. (CVE-2005-3662)

The updated packages have been patched to correct these problems.

Updated packages

CS2.1 x86_64

 27b0f5ef22581bc5c5c23bf880302c58  x86_64/corporate/2.1/RPMS/libnetpbm9-9.24-4.5.C21mdk.x86_64.rpm
 1743d3247a1e3de046fbf31ce37e443d  x86_64/corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.5.C21mdk.x86_64.rpm
 4e67e3d7940f30c3bc86cf5a2f215543  x86_64/corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.5.C21mdk.x86_64.rpm
 7ab637139c9b1977923cae04dd3cc9de  x86_64/corporate/2.1/RPMS/netpbm-9.24-4.5.C21mdk.x86_64.rpm
 0bf9af1326905eb13fb3f4fb66424653  x86_64/corporate/2.1/SRPMS/netpbm-9.24-4.5.C21mdk.src.rpm

10.1 i586

 550eae5a55b39101687b7a0532219627  10.1/RPMS/libnetpbm9-9.24-8.2.101mdk.i586.rpm
 b3b2ea4437130703b68a5b3868eaec0b  10.1/RPMS/libnetpbm9-devel-9.24-8.2.101mdk.i586.rpm
 653e84715019165ea620d64e5969714f  10.1/RPMS/libnetpbm9-static-devel-9.24-8.2.101mdk.i586.rpm
 ac1db50f9caf2731a0dbc63e55688ef9  10.1/RPMS/netpbm-9.24-8.2.101mdk.i586.rpm
 c0b1026156fd6376adba353b4f5d0528  10.1/SRPMS/netpbm-9.24-8.2.101mdk.src.rpm

CS3.0 x86_64

 d0f1d6da66166acfc0ce18dfd55548e1  x86_64/corporate/3.0/RPMS/lib64netpbm9-9.24-8.3.C30mdk.x86_64.rpm
 9e5d975423d7d00a1cfc5b1ea87c07c4  x86_64/corporate/3.0/RPMS/lib64netpbm9-devel-9.24-8.3.C30mdk.x86_64.rpm
 f3f7f6ec681c2edbf29e789e1f9e1887  x86_64/corporate/3.0/RPMS/lib64netpbm9-static-devel-9.24-8.3.C30mdk.x86_64.rpm
 5f27304b1b68639211c34e573c163b52  x86_64/corporate/3.0/RPMS/netpbm-9.24-8.3.C30mdk.x86_64.rpm
 17a729bc07c296f77efb87301d122aa6  x86_64/corporate/3.0/SRPMS/netpbm-9.24-8.3.C30mdk.src.rpm

CS3.0 i586

 784b993f4e0409fe5255c3228c72ea3b  corporate/3.0/RPMS/libnetpbm9-9.24-8.3.C30mdk.i586.rpm
 319272b7f74900cabd06c6fa5e0b52b2  corporate/3.0/RPMS/libnetpbm9-devel-9.24-8.3.C30mdk.i586.rpm
 e6feb19b8b2c0ac6d522c1a73035811d  corporate/3.0/RPMS/libnetpbm9-static-devel-9.24-8.3.C30mdk.i586.rpm
 42406aa8e04afd173d2194b50d11ca13  corporate/3.0/RPMS/netpbm-9.24-8.3.C30mdk.i586.rpm
 17a729bc07c296f77efb87301d122aa6  corporate/3.0/SRPMS/netpbm-9.24-8.3.C30mdk.src.rpm

CS2.1 i586

 cfeeabb6edac6d7234f6e09beb19ff36  corporate/2.1/RPMS/libnetpbm9-9.24-4.5.C21mdk.i586.rpm
 4b34fb42803f511646d0129d7fc7dd2f  corporate/2.1/RPMS/libnetpbm9-devel-9.24-4.5.C21mdk.i586.rpm
 89b46b4d6a89797916ee54a48a38a732  corporate/2.1/RPMS/libnetpbm9-static-devel-9.24-4.5.C21mdk.i586.rpm
 c4af1176267c16480c3d15f24dcb5db9  corporate/2.1/RPMS/netpbm-9.24-4.5.C21mdk.i586.rpm
 0bf9af1326905eb13fb3f4fb66424653  corporate/2.1/SRPMS/netpbm-9.24-4.5.C21mdk.src.rpm

10.1 x86_64

 a4fb05222ac3917637ae6a0773f7cdc9  x86_64/10.1/RPMS/lib64netpbm9-9.24-8.2.101mdk.x86_64.rpm
 32951fca67c13886bdb779de08f8edf3  x86_64/10.1/RPMS/lib64netpbm9-devel-9.24-8.2.101mdk.x86_64.rpm
 dafac5b2622f774bc311ef6004e4fa3e  x86_64/10.1/RPMS/lib64netpbm9-static-devel-9.24-8.2.101mdk.x86_64.rpm
 6984338299c35aca2489b8dae94e9e65  x86_64/10.1/RPMS/netpbm-9.24-8.2.101mdk.x86_64.rpm
 c0b1026156fd6376adba353b4f5d0528  x86_64/10.1/SRPMS/netpbm-9.24-8.2.101mdk.src.rpm
