Vulnerabilities > CVE-2006-3145 - Remote Off-By-One Buffer Overflow vulnerability in NetPBM Pamtofits
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
| NASL family | Mandriva Local Security Checks |
| NASL id | MANDRAKE_MDKA-2006-026.NASL |
| description | The pnmtopalm program, part of netpbm, crashes on many images. (#21020) The pnmtofits program, part of netpbm, crashes during conversion. (#21444) Updated packages have been patched to correct these issues. |
| last seen | 2017-10-29 |
| modified | 2012-09-07 |
| plugin id | 24508 |
| published | 2007-02-18 |
| reporter | Tenable |
| source | https://www.tenable.com/plugins/index.php?view=single&id=24508 |
| title | MDKA-2006:026 : netpbm |
Statements
| contributor | Mark J Cox |
| lastmodified | 2006-08-30 |
| organization | Red Hat |
| statement | This issue did not affect the versions of NetPBM distributed with Red Hat Enterprise Linux 2.1, 3, or 4. |
References
- http://secunia.com/advisories/20729
- http://secunia.com/advisories/20775
- http://sourceforge.net/project/shownotes.php?release_id=425770
- http://www.securityfocus.com/bid/18525
- http://www.trustix.org/errata/2006/0037
- http://www.vupen.com/english/advisories/2006/2449
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27244