Greg Roelofs

**Name of the Vulnerable Software and Affected Versions** netpbm versions 10.0 and earlier **Description** The issue is related to multiple buffer overflows in the pnmtopng component. Attackers can execute arbitrary code by providing a crafted PNM file. **Recommendations** For netpbm versions 10.0 and earlier, update to a version later than 10.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** pnmtopng versions prior to 2.39 **Description** The issue is related to an off-by-one buffer overflow when using the -alpha command line option, which can be triggered by a crafted PNM file with exactly 256 colors. This can cause a denial of service, resulting in a crash, and potentially allow the execution of arbitrary code. **Recommendations** For versions prior to 2.39, update to version 2.39 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the -alpha command line option with the Alphas Of Color setting until the update is applied.