ID CVE-2005-2978
Summary pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.
References
Vulnerable Configurations
  • cpe:2.3:a:netpbm:netpbm:10.0
    cpe:2.3:a:netpbm:netpbm:10.0
  • cpe:2.3:a:netpbm:netpbm:10.1
    cpe:2.3:a:netpbm:netpbm:10.1
  • cpe:2.3:a:netpbm:netpbm:10.2
    cpe:2.3:a:netpbm:netpbm:10.2
  • cpe:2.3:a:netpbm:netpbm:10.3
    cpe:2.3:a:netpbm:netpbm:10.3
  • cpe:2.3:a:netpbm:netpbm:10.4
    cpe:2.3:a:netpbm:netpbm:10.4
  • cpe:2.3:a:netpbm:netpbm:10.5
    cpe:2.3:a:netpbm:netpbm:10.5
  • cpe:2.3:a:netpbm:netpbm:10.6
    cpe:2.3:a:netpbm:netpbm:10.6
  • cpe:2.3:a:netpbm:netpbm:10.7
    cpe:2.3:a:netpbm:netpbm:10.7
  • cpe:2.3:a:netpbm:netpbm:10.8
    cpe:2.3:a:netpbm:netpbm:10.8
  • cpe:2.3:a:netpbm:netpbm:10.9
    cpe:2.3:a:netpbm:netpbm:10.9
  • cpe:2.3:a:netpbm:netpbm:10.10
    cpe:2.3:a:netpbm:netpbm:10.10
  • cpe:2.3:a:netpbm:netpbm:10.11
    cpe:2.3:a:netpbm:netpbm:10.11
  • cpe:2.3:a:netpbm:netpbm:10.12
    cpe:2.3:a:netpbm:netpbm:10.12
  • cpe:2.3:a:netpbm:netpbm:10.13
    cpe:2.3:a:netpbm:netpbm:10.13
  • cpe:2.3:a:netpbm:netpbm:10.14
    cpe:2.3:a:netpbm:netpbm:10.14
  • cpe:2.3:a:netpbm:netpbm:10.15
    cpe:2.3:a:netpbm:netpbm:10.15
  • cpe:2.3:a:netpbm:netpbm:10.16
    cpe:2.3:a:netpbm:netpbm:10.16
  • cpe:2.3:a:netpbm:netpbm:10.17
    cpe:2.3:a:netpbm:netpbm:10.17
  • cpe:2.3:a:netpbm:netpbm:10.18
    cpe:2.3:a:netpbm:netpbm:10.18
  • cpe:2.3:a:netpbm:netpbm:10.19
    cpe:2.3:a:netpbm:netpbm:10.19
  • cpe:2.3:a:netpbm:netpbm:10.20
    cpe:2.3:a:netpbm:netpbm:10.20
  • cpe:2.3:a:netpbm:netpbm:10.21
    cpe:2.3:a:netpbm:netpbm:10.21
  • cpe:2.3:a:netpbm:netpbm:10.22
    cpe:2.3:a:netpbm:netpbm:10.22
  • cpe:2.3:a:netpbm:netpbm:10.23
    cpe:2.3:a:netpbm:netpbm:10.23
  • cpe:2.3:a:netpbm:netpbm:10.24
    cpe:2.3:a:netpbm:netpbm:10.24
CVSS
Base: 7.5 (as of 18-10-2005 - 22:24)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_AE9FB0D7C4DC11DAB2FB000E0C2E438A.NASL
    description Ubuntu reports : A buffer overflow was found in the 'pnmtopng' conversion program. By tricking a user (or automated system) to process a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 21493
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21493
    title FreeBSD : netpbm -- buffer overflow in pnmtopng (ae9fb0d7-c4dc-11da-b2fb-000e0c2e438a)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-793.NASL
    description Updated netpbm packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. A bug was found in the way netpbm converts Portable Anymap (PNM) files into Portable Network Graphics (PNG). The usage of uninitialised variables in the pnmtopng code allows an attacker to change stack contents when converting to PNG files with pnmtopng using the '-trans' option. This may allow an attacker to execute arbitrary code. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2978 to this issue. All users of netpbm should upgrade to the updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 20058
    published 2005-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20058
    title RHEL 4 : netpbm (RHSA-2005:793)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-199.NASL
    description Pnmtopng in netpbm 10.2X, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack. Netpbm 9.2X is not affected by this vulnerability. The updated packages have been patched to correct this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20437
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20437
    title Mandrake Linux Security Advisory : netpbm (MDKSA-2005:199)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200510-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-200510-18 (Netpbm: Buffer overflow in pnmtopng) RedHat reported that pnmtopng is vulnerable to a buffer overflow. Impact : An attacker could craft a malicious PNM file and entice a user to run pnmtopng on it, potentially resulting in the execution of arbitrary code with the permissions of the user running pnmtopng. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 20080
    published 2005-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20080
    title GLSA-200510-18 : Netpbm: Buffer overflow in pnmtopng
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-793.NASL
    description Updated netpbm packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others. A bug was found in the way netpbm converts Portable Anymap (PNM) files into Portable Network Graphics (PNG). The usage of uninitialised variables in the pnmtopng code allows an attacker to change stack contents when converting to PNG files with pnmtopng using the '-trans' option. This may allow an attacker to execute arbitrary code. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2978 to this issue. All users of netpbm should upgrade to the updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21965
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21965
    title CentOS 4 : netpbm (CESA-2005:793)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-878.NASL
    description A buffer overflow has been identified in the pnmtopng component of the netpbm package, a set of graphics conversion tools. This vulnerability could allow an attacker to execute arbitrary code as a local user by providing a specially crafted PNM file. The old stable distribution (woody) is not vulnerable to this problem.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22744
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22744
    title Debian DSA-878-1 : netpbm-free - buffer overflow
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-210-1.NASL
    description A buffer overflow was found in the 'pnmtopng' conversion program. By tricking a user (or automated system) to process a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 20628
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20628
    title Ubuntu 4.10 / 5.04 / 5.10 : netpbm-free vulnerability (USN-210-1)
oval via4
accepted 2013-04-29T04:02:06.560-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.
family unix
id oval:org.mitre.oval:def:10135
status accepted
submitted 2010-07-09T03:56:16-04:00
title pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.
version 23
redhat via4
advisories
rhsa
id RHSA-2005:793
refmap via4
bid 15128
debian DSA-878
gentoo GLSA-200510-18
misc https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168278
sectrack 1015071
secunia
  • 17221
  • 17222
  • 17256
  • 17265
  • 17282
  • 17357
suse SUSE-SR:2005:024
ubuntu USN-210-1
vupen ADV-2005-2133
Last major update 07-03-2011 - 21:25
Published 18-10-2005 - 18:02
Last modified 03-10-2018 - 17:31