119601 – (CVE-2005-2978) VUL-0: CVE-2005-2978: netpbm buffer overflow

Bug 119601 (CVE-2005-2978) - VUL-0: CVE-2005-2978: netpbm buffer overflow

Summary: VUL-0: CVE-2005-2978: netpbm buffer overflow

Status:	RESOLVED FIXED

Alias:	CVE-2005-2978

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other All

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVE-2005-2978: CVSS v2 Base Score: 7....
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-09-30 08:24 UTC by Ludwig Nussel
Modified:	2021-12-17 16:21 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
patch (664 bytes, patch) 2005-09-30 09:51 UTC, Ludwig Nussel	Details \| Diff
exploit (62 bytes, application/x-gzip) 2005-09-30 09:51 UTC, Ludwig Nussel	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 1 Ludwig Nussel 2005-09-30 09:51:08 UTC

Created attachment 51230 [details]
patch

Comment 3 Ludwig Nussel 2005-09-30 09:57:49 UTC

   2 local non-root user 
  +1 default package 
  -1 default inactive 
  +1 command execution 
 
Total Score: 3 (Low) 
 
If it's used from e.g. some php it might be considered remote which would 
raise severity to 7.

Comment 4 Vladimir Nadvornik 2005-10-10 14:55:14 UTC

The result of this bug is that pnmtopng can access an array with uninitialized 
index, but I don't see any way to exploit it. Could you please ask for more 
details?

Also, our 10.0 package does not crash on the attached file.

Comment 5 Thomas Biege 2005-10-11 10:58:59 UTC

Briefly looking at the 9.3 and 9.0 code doesn't reveal any exploitablility to me
neither.

The 9.3 code seems not to crash by using the example mentioned in the initila
comment.

Comment 6 Vladimir Nadvornik 2005-10-13 09:47:10 UTC

Packages for sles8, sles9, sles9-beta, 9.0 - 10.0 and stable are submitted.
Can you please submit patchinfos?

Comment 7 Thomas Biege 2005-10-13 10:34:59 UTC

Maintenance-Tracker-2586

Comment 8 Thomas Biege 2005-10-13 10:40:19 UTC

/work/src/done/PATCHINFO/netpbm.patch.maintained
/work/src/done/PATCHINFO/netpbm.patch.box

Comment 9 Thomas Biege 2005-10-13 10:40:50 UTC

CRD: 18.10.2005 1400UTC

Comment 10 Marcus Meissner 2005-10-20 16:07:42 UTC

updates approved.

Comment 11 Marcus Meissner 2005-10-25 20:39:54 UTC

make more visible.

Comment 12 Thomas Biege 2009-10-13 21:37:55 UTC

CVE-2005-2978: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)