Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2005-2978: netpbm buffer overflow | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Ludwig Nussel <lnussel> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | CVE-2005-2978: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | ||
| Found By: | Other | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | patch, exploit | ||

2 local non-root user
+1 default package
-1 default inactive
+1 command execution
Total Score: 3 (Low)

If it's used from e.g. some PHP it might be considered remote which would raise severity to 7.

The result of this bug is that pnmtopng can access an array with an uninitialized index, but I don't see any way to exploit it. Could you please ask for more details? Also, our 10.0 package does not crash on the attached file.

Briefly looking at the 9.3 and 9.0 code doesn't reveal any exploitability to me either. The 9.3 code seems not to crash by using the example mentioned in the initial comment.

Packages for sles8, sles9, sles9-beta, 9.0 - 10.0 and stable are submitted. Can you please submit patchinfos?

Maintenance-Tracker-2586

/work/src/done/PATCHINFO/netpbm.patch.maintained
/work/src/done/PATCHINFO/netpbm.patch.box

CRD: 18.10.2005 1400UTC

updates approved.

make more visible.

CVE-2005-2978: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Created attachment 51230: patch