search menu icon-carat-right cmu-wordmark

CERT Coordination Center

NetPBM contains multiple buffer overflow vulnerabilities

Vulnerability Note VU#630433

Original Release Date: 2003-03-17 | Last Revised: 2003-04-03

Overview

NetPBM is a set of graphics conversion tools and has been found to contain multiple buffer overflow vulnerabilities.

Description

A code review of NetPBM has revealed multiple buffer overflow vulnerabilities. These vulnerabilities could be exploited by loading malicious image files.

Impact

The complete impact of these vulnerabilities is not yet known, but could range from a denial of service or potential execution of code.

Solution

Please see your vendor notification for a vendor specific patch.

Vendor Information

630433
 

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Alan Cox for reporting this vulnerability and creating the initial fixes and to Al Viro for discovering the original flaw. We also thank Martin Schulze and Sebastian Kramer provided additional fixes to the patches.

This document was written by Jason A Rafail.

Other Information

CVE IDs: CVE-2003-0146
Severity Metric: 1.01
Date Public: 2003-02-28
Date First Published: 2003-03-17
Date Last Updated: 2003-04-03 21:35 UTC
Document Revision: 9

Sponsored by CISA.