Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 246239 (CVE-2008-0554) - media-libs/netpbm <10.27 Buffer overflow in the readImageData (CVE-2008-0554)
Summary: media-libs/netpbm <10.27 Buffer overflow in the readImageData (CVE-2008-0554)
Alias: CVE-2008-0554
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [ebuild]
Depends on:
Reported: 2008-11-10 00:43 UTC by stupendoussteve
Modified: 2008-11-24 11:41 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description stupendoussteve 2008-11-10 00:43:13 UTC
Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.

10.26.58 is currently in portage and marked stable.

Reproducible: Always
Comment 1 SpanKY gentoo-dev 2008-11-10 04:21:00 UTC
doing a strict version compare with netpbm is useless.  10.26.58 was release long after the CVE in question, so it probably is fixed in it.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-10 10:44:33 UTC
Steven, could you please verify that?
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-10 10:48:02 UTC
Whoops, he's not on the security team. We'll verify it then, anyone please ignore #2 (please *g).
Comment 4 stupendoussteve 2008-11-24 11:41:05 UTC
According to upstream, this bug was fixed in 10.26.2 as well as 10.27