CVE-2008-0554 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Netpbm-free

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents7 sources

Severity

6.8MEDIUMNVD

OSV2.6

EPSS

1.7%

top 17.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Netpbm-free Netpbm

Timeline

PublishedFeb 8

Latest updateMay 1

Description

Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/netpbm-free< netpbm-free 10.0-11.1 (bookworm)

▶NVDnetpbm/netpbm10.26

🔴Vulnerability Details

GHSA

GHSA-q3qj-hhm6-3g3m: Buffer overflow in the readImageData function in giftopnm↗2022-05-01

▶

OSV

CVE-2008-0554: Buffer overflow in the readImageData function in giftopnm↗2008-02-08

▶

📋Vendor Advisories

Ubuntu

Netpbm vulnerability↗2008-11-06

▶

Red Hat

netpbm: GIF handling buffer overflow in giftopnm↗2008-02-01

▶

Debian

CVE-2008-0554: netpbm-free - Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10....↗2008

▶

💬Community

Bugzilla

CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow↗2011-08-03

▶

Bugzilla

CVE-2011-2897 gdk-pixbuf: GIF loader buffer overflow when initializing decompression tables↗2011-08-01

▶

Bugzilla

CVE-2008-1373 cups: overflow in gif image filter↗2008-03-20

▶

Bugzilla

CVE-2008-0553 tk: GIF handling buffer overflow↗2008-02-05

▶

Bugzilla

CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]↗2008-02-05

▶