CVE-2017-2587: Allocation of Resources Without Limits or Throttling in Project Netpbm

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 66.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Jul 27
Latest update: May 13

Description

A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: netpbm_project/netpbm < 10.61.00
CVEListV5: netpbm/netpbm 10.61

🔴 Vulnerability Details (1)

GHSA: GHSA-gprh-cwxq-5pph: A memory allocation vulnerability was found in netpbm before 10 (2022-05-13)

📋 Vendor Advisories (2)

Red Hat: netpbm: Insufficient size check of memory allocation in createCanvas() function (2017-02-06)
Debian: CVE-2017-2587: netpbm-free - A memory allocation vulnerability was found in netpbm before 10.61. A maliciousl... (2017)

💬 Community (2)

Bugzilla: CVE-2017-2587 netpbm: Insufficient size check of memory allocation in createCanvas() function (2017-02-06)
Bugzilla: CVE-2017-2586 CVE-2017-2587 CVE-2017-5849 netpbm: various flaws [fedora-all] (2017-02-06)