CVE-2009-4274

Published: 12/02/2010 Updated: 13/02/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm prior to 10.47.07 allows context-dependent malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.

Vulnerable Product

netpbm netpbm 10.35.13

netpbm netpbm 10.28

netpbm netpbm 10.39.00

netpbm netpbm 10.0

netpbm netpbm 10.46.00

netpbm netpbm 10.35.44

netpbm netpbm 10.35.11

netpbm netpbm 10.35.32

netpbm netpbm 10.35.20

netpbm netpbm 10.33

netpbm netpbm 10.35.35

netpbm netpbm 10.35.39

netpbm netpbm 10.7

netpbm netpbm 10.13

netpbm netpbm 10.35.18

netpbm netpbm 10.35.06

netpbm netpbm 10.45.00

netpbm netpbm 10.35.08

netpbm netpbm 10.35.19

netpbm netpbm 10.26

netpbm netpbm 10.38.00

netpbm netpbm 10.42.00

netpbm netpbm 10.35.00

netpbm netpbm 10.35.33

netpbm netpbm 10.12

netpbm netpbm 10.35.22

netpbm netpbm 10.35.28

netpbm netpbm 10.17

netpbm netpbm 10.35.15

netpbm netpbm 10.35.29

netpbm netpbm 10.35.16

netpbm netpbm 10.8

netpbm netpbm 10.47.06

netpbm netpbm 10.2

netpbm netpbm 10.1

netpbm netpbm 10.19

netpbm netpbm 10.35.36

netpbm netpbm 10.32

netpbm netpbm 10.35.03

netpbm netpbm 10.47.03

netpbm netpbm 10.35.40

netpbm netpbm 10.35.43

netpbm netpbm 10.35.23

netpbm netpbm 10.35.30

netpbm netpbm 10.35.38

netpbm netpbm 10.35.09

netpbm netpbm 10.3

netpbm netpbm 10.22

netpbm netpbm 10.35.41

netpbm netpbm 10.11

netpbm netpbm 10.35.10

netpbm netpbm 10.6

netpbm netpbm 10.31

netpbm netpbm 10.35.17

netpbm netpbm 10.29

netpbm netpbm 10.35.12

netpbm netpbm 10.9

netpbm netpbm 10.44.00

netpbm netpbm 10.47.04

netpbm netpbm 10.20

netpbm netpbm 10.27

netpbm netpbm 10.25

netpbm netpbm 10.18

netpbm netpbm 10.23

netpbm netpbm 10.47.00

netpbm netpbm 10.35.05

netpbm netpbm 10.35.27

netpbm netpbm 10.47.01

netpbm netpbm 10.10

netpbm netpbm 10.35.46

netpbm netpbm 10.16

netpbm netpbm 10.43.00

netpbm netpbm 10.35.45

netpbm netpbm 10.36.00

netpbm netpbm 10.35.07

netpbm netpbm 10.35.25

netpbm netpbm 10.40.00

netpbm netpbm 10.30

netpbm netpbm 10.35.31

netpbm netpbm 10.35.34

netpbm netpbm 10.34

netpbm netpbm 10.47.05

netpbm netpbm 10.21

netpbm netpbm 10.14

netpbm netpbm 10.5

netpbm netpbm 10.35.02

netpbm netpbm 10.35.24

netpbm netpbm 10.4

netpbm netpbm 10.35.04

netpbm netpbm 10.24

netpbm netpbm 10.35.14

netpbm netpbm 10.47.02

netpbm netpbm 10.37.00

netpbm netpbm 10.35.37

netpbm netpbm 10.15

netpbm netpbm 10.35.21

netpbm netpbm 10.35.26

netpbm netpbm 10.41.00

netpbm netpbm 10.35.47

netpbm netpbm 10.35.01

netpbm netpbm 10.35.42

Vendor Advisories

Synopsis: Important: netpbm security update. Type/Severity: Security Advisory: Important. Topic: Updated netpbm packages that fix three security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnera ...
Debian Bug report logs - #569060: Stack-based buffer overflow in XPM reader (CVE-2009-4274). Package: netpbm; Maintainer for netpbm is Andreas Barth <aba@notsoarghorg>; Source for netpbm is src:netpbm-free. Reported by: Florian Weimer <fw@denebenyode>. Date: Tue, 9 Feb 2010 19:33:02 UTC. Sever ...
Marc Schoenefeld discovered a buffer overflow in Netpbm when loading certain images. If a user or automated system were tricked into opening a specially crafted XPM image, a remote attacker could crash Netpbm. The default compiler options for affected releases should reduce the vulnerability to a denial of service ...
Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader implementation in netpbm-free, a suite of image manipulation utilities. An attacker could cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value. F ...