[CVE-2008-0554] Buffer overflow in readImageData() in giftopnm.c leads to arbitrary code execution

Bug #232156 reported by Till Ulen
Affects: netpbm-free (Debian) | Status: Fix Released | Importance: Unknown
Affects: netpbm-free (Ubuntu) | Status: Fix Released | Importance: Undecided | Assigned to: Unassigned

Bug Description

CVE-2008-0554 description:

"Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0554

Debian advisory DSA 1579-1:
http://www.debian.org/security/2008/dsa-1579

This has been fixed in Hardy but previous releases seem to be vulnerable.

Changed in netpbm-free:
status: Unknown → Fix Released
Marc Deslauriers (mdeslaur) wrote :

A fix for this issue has been released: http://www.ubuntu.com/usn/usn-665-1

Changed in netpbm-free:
status: New → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
