PT-2005-4419 · Netpbm+1 · Pnmtopng+1

Greg Roelofs

Published

2005-11-18

Updated

2018-10-03

CVE-2005-3662

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions pnmtopng versions prior to 2.39

Description The issue is related to an off-by-one buffer overflow when using the -alpha command line option, which can be triggered by a crafted PNM file with exactly 256 colors. This can cause a denial of service, resulting in a crash, and potentially allow the execution of arbitrary code.

Recommendations For versions prior to 2.39, update to version 2.39 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the -alpha command line option with the Alphas Of Color setting until the update is applied.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2005-3662

DSA-904-1

RHSA-2005:843

RHSA-2005_843

Affected Products

Red Hat

Pnmtopng

PT-2005-4419 · Netpbm+1 · Pnmtopng+1

CVE-2005-3662

Weakness Enumeration

Related Identifiers

Affected Products

References · 23