CVE-2017-2586NULL Pointer Dereference in Project Netpbm

CWE-476NULL Pointer Dereference6 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 69.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Netpbm Project NetpbmNetpbmDebian Netpbm-free
Timeline
PublishedJul 27
Latest updateMay 13

Description

A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDnetpbm_project/netpbm< 10.61.00
CVEListV5netpbm/netpbm10.61

🔴Vulnerability Details

1
GHSA
GHSA-g2rm-3545-j3gr: A null pointer dereference vulnerability was found in netpbm before 102022-05-13

📋Vendor Advisories

2
Red Hat
netpbm: Null pointer dereference in stringToUint function2017-02-06
Debian
CVE-2017-2586: netpbm-free - A null pointer dereference vulnerability was found in netpbm before 10.61. A mal...2017

💬Community

2
Bugzilla
CVE-2017-2586 netpbm: Null pointer dereference in stringToUint function2017-02-06
Bugzilla
CVE-2017-2586 CVE-2017-2587 CVE-2017-5849 netpbm: various flaws [fedora-all]2017-02-06