Bug 246239 (CVE-2008-0554)

Summary:	media-libs/netpbm <10.27 Buffer overflow in the readImageData (CVE-2008-0554)
Product:	Gentoo Security	Reporter:	stupendoussteve
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	normal	CC:	graphics+disabled
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0554
Whiteboard:	B2 [ebuild]
Package list:		Runtime testing required:	---

Description stupendoussteve 2008-11-10 00:43:13 UTC

Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.

10.26.58 is currently in portage and marked stable.

Reproducible: Always

Comment 1 SpanKY gentoo-dev

2008-11-10 04:21:00 UTC

doing a strict version compare with netpbm is useless.  10.26.58 was release long after the CVE in question, so it probably is fixed in it.

Comment 2 Stefan Behte (RETIRED) gentoo-dev

2008-11-10 10:44:33 UTC

Steven, could you please verify that?

Comment 3 Stefan Behte (RETIRED) gentoo-dev

2008-11-10 10:48:02 UTC

Whoops, he's not on the security team. We'll verify it then, anyone please ignore #2 (please *g).

Comment 4 stupendoussteve 2008-11-24 11:41:05 UTC

According to upstream, this bug was fixed in 10.26.2 as well as 10.27