CVE-2005-2978

Sažetak

pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.

Reference

http://secunia.com/advisories/17221
http://secunia.com/advisories/17222
http://secunia.com/advisories/17256
http://secunia.com/advisories/17265
http://secunia.com/advisories/17282
http://secunia.com/advisories/17357
http://securitytracker.com/id?1015071
http://www.debian.org/security/2005/dsa-878
http://www.gentoo.org/security/en/glsa/glsa-200510-18.xml
http://www.novell.com/linux/security/advisories/2005_24_sr.html
http://www.redhat.com/support/errata/RHSA-2005-793.html
http://www.securityfocus.com/bid/15128
http://www.vupen.com/english/advisories/2005/2133
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168278
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10135
https://usn.ubuntu.com/210-1/

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

03-10-2018 - 21:31

Objavljeno

18-10-2005 - 22:02