CVE-2009-4274 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Netpbm-free

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow7 documents7 sources

Severity

7.5HIGHNVD

EPSS

2.5%

top 14.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Netpbm-free Netpbm

Timeline

PublishedFeb 12

Latest updateMay 2

Description

Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/netpbm-free< netpbm-free 2:10.0-12.2 (bookworm)

▶NVDnetpbm/netpbm101 versions+100

🔴Vulnerability Details

GHSA

GHSA-45q7-r4qg-42p8: Stack-based buffer overflow in converter/ppm/xpmtoppm↗2022-05-02

▶

OSV

CVE-2009-4274: Stack-based buffer overflow in converter/ppm/xpmtoppm↗2010-02-12

▶

📋Vendor Advisories

Ubuntu

Netpbm vulnerability↗2010-04-29

▶

Red Hat

netpbm: Stack-based buffer overflow by processing X PixMap image header fields↗2010-02-09

▶

Debian

CVE-2009-4274: netpbm-free - Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.0...↗2009

▶

💬Community

Bugzilla

CVE-2009-4274 netpbm: Stack-based buffer overflow by processing X PixMap image header fields↗2009-12-11

▶