Bug 245051 (CVE-2008-4799) - media-libs/netpbm<10.35.48 pamperspective DOS (CVE-2008-4799)
Summary: media-libs/netpbm<10.35.48 pamperspective DOS (CVE-2008-4799)
Status: RESOLVED FIXED
Alias: CVE-2008-4799
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://netpbm.svn.sourceforge.net/vie...
Whiteboard: A4 [noglsa]
Reported: 2008-10-31 11:42 UTC by Stefan Behte (RETIRED)
Modified: 2008-11-26 19:01 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2008-10-31 11:42:26 UTC
CVE-2008-4799 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4799):
  pamperspective in Netpbm before 10.35.48 does not properly calculate
  a window height, which allows context-dependent attackers to cause a
  denial of service (crash) via a crafted image file that triggers an
  out-of-bounds read.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-10-31 11:45:46 UTC
Latest stable version in tree: 10.43.00
Graphics, could we keyword the older, vulnerable versions?
Comment 2 SpanKY gentoo-dev 2008-11-01 06:17:08 UTC
What's the question exactly? We don't have a 10.35.x in the tree
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-01 12:01:33 UTC
But we have 10.26.57 and 10.26.58?
Vulnerable software and versions lists: cpe:/a:netpbm:netpbm:10.26
Comment 4 SpanKY gentoo-dev 2008-11-02 05:50:32 UTC
presumably you're talking about this:
08.10.27 BJH  Release 10.35.54

              pnm_createBlackTuple(): fix array bounds violation with
              PBM, PGM.

              ppmforge, pgmnoise, pgmcrater: better randomization;
              won't produce the same image if you run it twice within
              the same second.

              pnmtoddif: fix crash with any PGM input.

              pgmnoise: fix bug: never generates full white pixel.

but those fixes are in 10.26.58 already
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-02 16:43:59 UTC
Ok, so let's remove 10.26.57.
Comment 6 SpanKY gentoo-dev 2008-11-02 20:23:24 UTC
removed
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-10 10:46:48 UTC
Ready for voting, I guess.
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2008-11-26 19:00:55 UTC
Client-side DOS, noglsa.