Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.

10.26.58 is currently in portage and marked stable.

Reproducible: Always
Doing a strict version compare with netpbm is useless. 10.26.58 was released long after the CVE in question, so it probably is fixed in it.
Steven, could you please verify that?
Whoops, he's not on the security team. We'll verify it then, anyone please ignore #2 (please *g).
According to upstream, this bug was fixed in 10.26.2 as well as 10.27.