CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2005-2471
https://notcve.org/view.php?id=CVE-2005-2471
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands. pstopnm en netpbm no usa adecuadamente la opción "-dSAFER" (cuando llama a Ghostscript para convertir un archivo PostScript en un pbm, pgm o pnm), lo que permite que atacantes remotos con la intervención del usuario puedan ejecutar comandos arbitrarios. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757 http://secunia.com/advisories/16184 http://secunia.com/advisories/18330 http://secunia.com/advisories/19436 http://securitytracker.com/id?1014752 http://www.debian.org/security/2006/dsa-1021 http://www.novell.com/linux/security/advisories/2005_19_sr.html http://www.osvdb.org/18253 http://www.redhat.com/support/errata/RHSA-2005-743.html http://www.securityfocus.com/bid/14379 http://www.trustix.org/errata/200 •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0924
https://notcve.org/view.php?id=CVE-2003-0924
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. netpbm 2:9.25 y anteriores no crea adecuadamente ficheros temporales, lo que permite a usuarios locales sobreescribir ficheros arbitrarios. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc http://www.debian.org/security/2004/dsa-426 http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml http://www.kb.cert.org/vuls/id/487102 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011 http://www.redhat.com/support/errata/RHSA-2004-030.html http://www.redhat.com/support/errata/RHSA-2004-031.html http://www.securityfocus.com/bid/9442 https://exchange.xforce.ibmcloud.com&# •
CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 0CVE-2003-0146
https://notcve.org/view.php?id=CVE-2003-0146
Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656 http://marc.info/?l=bugtraq&m=104644687816522&w=2 http://www.debian.org/security/2003/dsa-263 http://www.kb.cert.org/vuls/id/630433 http://www.redhat.com/support/errata/RHSA-2003-060.html http://www.securityfocus.com/bid/6979 https://exchange.xforce.ibmcloud.com/vulnerabilities/11463 https://access.redhat.com/security/cve/CVE-2003-0146 https://bugzilla.redhat.com/show_bug.cgi?id=1616985 •