Bug 22945 - CVE-2009-4274 netpbm: Stack-based buffer overflow by processing X PixMap image
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: netpbm
Version: unstable
Hardware: all Linux
Importance: P3 blocker
Assignee: Vladimir Lettiev
QA Contact: qa-sisyphus
URL: https://bugzilla.redhat.com/show_bug....
Keywords: security
Depends on:
Blocks:
 
Reported: 2010-02-11 17:55 MSK by Dmitry V. Levin
Modified: 2010-03-02 22:38 MSK

Description Dmitry V. Levin 2010-02-11 17:55:10 MSK
Marc Schoenefeld found a stack-based buffer overflow in the way the netpbm graphics file formats handling library used to process the content of header fields of the X PixMap (XPM) image file. A remote attacker could provide a specially-crafted XPM image file and trick the local user into processing it, which would lead to denial of service (crash of application using the netpbm library) or, potentially, to execution of arbitrary code with the privileges of that application.
Comment 1 Vladimir Lettiev 2010-02-13 22:23:29 MSK
I have prepared a fix for Sisyphus:
http://git.altlinux.org/people/crux/packages/?p=netpbm.git;a=summary
A fix for the branches can also be prepared (an example is in the M51 branch).

If there are no objections, it can be sent for building.
Comment 2 Vladimir Lettiev 2010-03-02 22:38:53 MSK
fixed in 10.35.73-alt1