Rapid7 Vulnerability & Exploit Database

RHSA-2009:0012: netpbm security update


Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/02/2008
Created: 07/25/2018
Added: 02/22/2009
Modified: 07/04/2017

Description

The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps), and others.

An input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image format and used in the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a carefully-crafted JPEG file which could cause jpeg2ktopam to crash or, possibly, execute arbitrary code as the user running jpeg2ktopam. (CVE-2007-2721, CVE-2008-3520)

All users are advised to upgrade to these updated packages which contain backported patches which resolve these issues.

Solution(s)

  • redhat-upgrade-netpbm
  • redhat-upgrade-netpbm-devel
  • redhat-upgrade-netpbm-progs
