PT-2011-1114 · Netpbm+4 · Netpbm-Progs+6
Jonathan Foote · Published 2011-12-09 · Updated 2024-06-15 · CVE-2011-4517
CVSS v2.0: 7.5 (High) · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
netpbm-progs version 10.35.58
netpbm-devel version 10.35.58
netpbm version 10.35.58
JasPer versions prior to 1.900.1-r4
Description
This advisory covers multiple vulnerabilities in the netpbm-progs, netpbm-devel, and netpbm packages that can compromise the confidentiality, integrity, and availability of protected information; they are exploitable remotely. The underlying flaw is in the jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1: a crafted component registration (CRG) marker segment in a JPEG 2000 file triggers a heap-based buffer overflow, which remote attackers can use to execute arbitrary code or cause a denial of service.
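The flaw class described above is a mismatch between how many CRG entries a marker segment claims to carry and how many components the codestream actually declared. The following is an added example, not code from the advisory, from Netpbm or from JasPer: a small header walker that checks a raw JPEG 2000 codestream for exactly that inconsistency before the file is handed to a decoder. The marker layout (SOC 0xFF4F, SIZ 0xFF51 with Csiz at byte offset 34 of its body, CRG 0xFF63 with Lcrg = 2 + 4·Csiz) follows JPEG 2000 Part 1 (ITU-T T.800 Annex A); the function names and the two sample streams are constructed for this example.

```python
import struct

# JPEG 2000 Part 1 codestream marker codes used below
SOC = 0xFF4F  # start of codestream (no length field)
SIZ = 0xFF51  # image and tile size; declares the component count Csiz
CRG = 0xFF63  # component registration; one (Xcrg, Ycrg) pair per component
SOT = 0xFF90  # start of tile-part; the main header ends here
EOC = 0xFFD9  # end of codestream


def parse_main_header(data):
    """Walk the main-header marker segments of a raw J2K codestream.

    Returns (csiz, problems): csiz is the component count declared by SIZ
    (None if no SIZ was seen) and problems lists consistency failures found
    before the first tile-part. A decoder that sizes its CRG buffer from Csiz
    but copies (Lcrg - 2) / 4 entries needs exactly this check up front.
    """
    problems = []
    csiz = None
    if len(data) < 2 or struct.unpack(">H", data[:2])[0] != SOC:
        return None, ["codestream does not start with SOC"]
    pos = 2
    while pos + 4 <= len(data):
        marker, length = struct.unpack(">HH", data[pos:pos + 4])
        if marker in (SOT, EOC):
            break  # main header is over
        # the length field counts itself, so the segment spans data[pos+2 : pos+2+length]
        if length < 2 or pos + 2 + length > len(data):
            problems.append(f"marker 0x{marker:04X}: length {length} runs past end of buffer")
            break
        body = data[pos + 4:pos + 2 + length]
        if marker == SIZ:
            if len(body) < 36:
                problems.append("SIZ: segment shorter than its fixed fields")
                break
            csiz = struct.unpack(">H", body[34:36])[0]
            if length != 38 + 3 * csiz:
                problems.append(f"SIZ: Lsiz {length} inconsistent with Csiz {csiz}")
        elif marker == CRG:
            entries = (length - 2) // 4
            if csiz is None:
                problems.append("CRG: appears before SIZ, component count unknown")
            elif length != 2 + 4 * csiz:
                problems.append(f"CRG: {entries} component entries but SIZ declares {csiz}")
        pos += 2 + length
    if csiz is None and not problems:
        problems.append("no SIZ marker in main header")
    return csiz, problems


def is_consistent(data):
    """True when the main header passed every check above."""
    return not parse_main_header(data)[1]


# --- helpers to build constructed sample streams (not real image files) ---
def _segment(marker, body):
    return struct.pack(">HH", marker, len(body) + 2) + body


def build_siz(csiz, width=64, height=64):
    # Rsiz, Xsiz, Ysiz, XOsiz, YOsiz, XTsiz, YTsiz, XTOsiz, YTOsiz
    body = struct.pack(">HIIIIIIII", 0, width, height, 0, 0, width, height, 0, 0)
    body += struct.pack(">H", csiz) + bytes([7, 1, 1]) * csiz  # 8-bit unsigned, no subsampling
    return _segment(SIZ, body)


def build_crg(entries):
    return _segment(CRG, b"\x00" * (4 * entries))


# SOC, SIZ declaring three components, CRG with three entries, EOC
GOOD_STREAM = struct.pack(">H", SOC) + build_siz(3) + build_crg(3) + struct.pack(">H", EOC)
# Same layout, but the CRG segment claims eight entries while SIZ declares three
BAD_STREAM = struct.pack(">H", SOC) + build_siz(3) + build_crg(8) + struct.pack(">H", EOC)

if __name__ == "__main__":
    for name, stream in (("good", GOOD_STREAM), ("bad", BAD_STREAM)):
        csiz, problems = parse_main_header(stream)
        print(name, csiz, problems or "ok")
```

Running the block reports the good stream as consistent and flags the bad one with "CRG: 8 component entries but SIZ declares 3". The check is deliberately limited to the main header: it refuses inputs whose declared lengths disagree with each other or overrun the buffer, which is the property a decoder must hold before it allocates from one field and copies according to another.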
Recommendations
For netpbm-progs, netpbm-devel, and netpbm version 10.35.58, update to a newer version to mitigate the risk.
For JasPer versions prior to 1.900.1-r4, update to version 1.900.1-r4 or later to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable packages until a patch is available.
Fix
DoS
Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
Alt Linux
Centos
Jasper
Red Hat
Netpbm
Netpbm-Devel
Netpbm-Progs