Netpbm · Netpbm-Progs · CVE-2011-4517
**Name of the Vulnerable Software and Affected Versions**
netpbm-progs version 10.35.58
netpbm-devel version 10.35.58
netpbm version 10.35.58
JasPer versions prior to 1.900.1-r4
**Description**
The issue concerns multiple vulnerabilities in various packages, including netpbm-progs, netpbm-devel, and netpbm, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Additionally, a specific vulnerability in the `jpc_crg_getparms` function in `libjasper/jpc/jpc_cs.c` in JasPer 1.900.1 allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code or cause a denial of service via a crafted component registration (CRG) marker segment in a JPEG2000 file.
**Recommendations**
For netpbm-progs version 10.35.58, update to a newer version to mitigate the risk.
For netpbm-devel version 10.35.58, update to a newer version to mitigate the risk.
For netpbm version 10.35.58, update to a newer version to mitigate the risk.
For JasPer versions prior to 1.900.1-r4, update to version 1.900.1-r4 or later to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable packages until a patch is available.
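As a triage aid while updates are rolled out, the following added example (not code from Netpbm, JasPer, or this advisory) walks the main header of a JPEG2000 codestream and reports every CRG marker segment, so that untrusted files carrying one can be held back from unpatched decoders. The marker values and the expected length `2 + 4 * Csiz` are taken from the JPEG2000 codestream syntax as assumptions, not from the advisory; the length comparison is a structural sanity check rather than a description of the root cause, and the function names and sample data are constructed for illustration.

```python
import struct

SOC_SIZ = b"\xff\x4f\xff\x51"      # SOC marker immediately followed by SIZ
SIZ, CRG, SOT = 0xFF51, 0xFF63, 0xFF90

def find_crg_segments(data: bytes) -> list:
    """Walk the main header and return one dict per CRG marker segment."""
    start = data.find(SOC_SIZ)     # heuristic: also finds a codestream inside a JP2 wrapper
    if start < 0:
        return []
    pos, ncomp, found = start + 2, None, []
    while pos + 4 <= len(data):
        marker, seglen = struct.unpack_from(">HH", data, pos)
        if marker == SOT or marker < 0xFF00 or seglen < 2:
            break                  # end of main header, or not a marker segment
        body = data[pos + 4 : pos + 2 + seglen]
        truncated = len(body) != seglen - 2
        if marker == SIZ and len(body) >= 36:
            ncomp = struct.unpack_from(">H", body, 34)[0]   # Csiz: component count
        elif marker == CRG:
            expected = None if ncomp is None else 2 + 4 * ncomp
            found.append({"offset": pos, "length": seglen, "expected": expected,
                          "consistent": not truncated and seglen == expected})
        pos += 2 + seglen          # length field counts itself but not the marker
    return found

def sample_codestream(ncomp: int, crg_entries: int) -> bytes:
    """Constructed test input: SOC, SIZ with `ncomp` components, one CRG, then SOT."""
    siz_body = struct.pack(">H8IH", 0, 64, 64, 0, 0, 64, 64, 0, 0, ncomp)
    siz_body += b"\x07\x01\x01" * ncomp           # Ssiz, XRsiz, YRsiz per component
    crg_body = struct.pack(">HH", 0, 0) * crg_entries
    out = b"\xff\x4f"
    out += struct.pack(">HH", SIZ, len(siz_body) + 2) + siz_body
    out += struct.pack(">HH", CRG, len(crg_body) + 2) + crg_body
    return out + struct.pack(">HH", SOT, 10)

if __name__ == "__main__":
    for name, blob in (("well-formed", sample_codestream(3, 3)),
                       ("mismatched", sample_codestream(3, 1))):
        for seg in find_crg_segments(blob):
            print(name, seg)
```

A file that reports a CRG segment is not necessarily malicious, and a `consistent` result does not make it safe for a vulnerable JasPer build; the output only tells you which inputs reach the affected parsing path.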