CVE-2008-4799 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4799): pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read.
Latest stable version in tree: 10.43.00 Graphics, could we keyword the older, vulnerable versions?
what's the question exactly ? we dont have an 10.35.x in the tree
But we have 10.26.57 and 10.26.58? Vulnerable software and versions lists: cpe:/a:netpbm:netpbm:10.26
presumably you're talking about this: 08.10.27 BJH Release 10.35.54 pnm_createBlackTuple(): fix array bounds violation with PBM, PGM. ppmforge, pgmnoise, pgmcrater: better randomization; won't produce the same image if you run it twice within the same second. pnmtoddif: fix crash with any PGM input. pgmnoise: fix bug: never generates full white pixel. but those fixes are in 10.26.58 already
Ok, so let's remove 10.26.57.
removed
Patch URL was: http://netpbm.svn.sourceforge.net/viewvc/netpbm/trunk/editor/pamperspective.c?r1=492&r2=683
Ready for voting, I guess.
Client-side DOS, noglsa.