CVE-2008-0554 – netpbm: GIF handling buffer overflow in giftopnm
https://notcve.org/view.php?id=CVE-2008-0554
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464056
• http://secunia.com/advisories/29079
• http://secunia.com/advisories/30280
• http://secunia.com/advisories/32607
• http://ubuntu.com/usn/usn-665-1
• http://www.debian.org/security/2008/dsa-1579
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:039
• http://www.redhat.com/support/errata/RHSA-2008-0131.html
• http://www.securityfocus.com/bid/27682
• http://www.securitytracker.com/id?1019358
• http://www.vupen.com/
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-2471
https://notcve.org/view.php?id=CVE-2005-2471
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757
• http://secunia.com/advisories/16184
• http://secunia.com/advisories/18330
• http://secunia.com/advisories/19436
• http://securitytracker.com/id?1014752
• http://www.debian.org/security/2006/dsa-1021
• http://www.novell.com/linux/security/advisories/2005_19_sr.html
• http://www.osvdb.org/18253
• http://www.redhat.com/support/errata/RHSA-2005-743.html
• http://www.securityfocus.com/bid/14379
• http://www.trustix.org/errata/200
CVE-2003-0924
https://notcve.org/view.php?id=CVE-2003-0924
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
• ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
• http://www.debian.org/security/2004/dsa-426
• http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml
• http://www.kb.cert.org/vuls/id/487102
• http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011
• http://www.redhat.com/support/errata/RHSA-2004-030.html
• http://www.redhat.com/support/errata/RHSA-2004-031.html
• http://www.securityfocus.com/bid/9442
• https://exchange.xforce.ibmcloud.com
CVE-2003-0146
https://notcve.org/view.php?id=CVE-2003-0146
Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656
• http://marc.info/?l=bugtraq&m=104644687816522&w=2
• http://www.debian.org/security/2003/dsa-263
• http://www.kb.cert.org/vuls/id/630433
• http://www.redhat.com/support/errata/RHSA-2003-060.html
• http://www.securityfocus.com/bid/6979
• https://exchange.xforce.ibmcloud.com/vulnerabilities/11463
• https://access.redhat.com/security/cve/CVE-2003-0146
• https://bugzilla.redhat.com/show_bug.cgi?id=1616985