CVE-2018-8975 — Out-of-bounds Read in Project Netpbm

CWE-125 — Out-of-bounds Read CWE-122 — Heap-based Buffer Overflow6 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.5%

top 35.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netpbm Project Netpbm Debian Netpbm-free

Timeline

PublishedMar 25

Latest updateMay 13

Description

The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as demonstrated by pbmmask.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDnetpbm_project/netpbm10.81.03

▶debiandebian/netpbm-free

🔴Vulnerability Details

GHSA

GHSA-vq9h-w3r5-w484: The pm_mallocarray2 function in lib/util/mallocvar↗2022-05-13

▶

📋Vendor Advisories

Red Hat

netpbm: heap-buffer-overflow in pm_mallocarray2 function in lib/util/mallocvar.c↗2018-03-15

▶

Debian

CVE-2018-8975: netpbm-free - The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 ...↗2018

▶

💬Community

Bugzilla

CVE-2018-8975 netpbm: heap-buffer-overflow in pm_mallocarray2 function in lib/util/mallocvar.c↗2018-03-27

▶

Bugzilla

CVE-2018-8975 netpbm: heap-buffer-overflow in pm_mallocarray2 function in lib/util/mallocvar.c [fedora-all]↗2018-03-27

▶