USN-210-1: netpbm vulnerability

18 October 2005

netpbm-free vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10
  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

A buffer overflow was found in the “pnmtopng” conversion program. By tricking an user (or automated system) to process a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
netpbm
Ubuntu 5.04
netpbm
Ubuntu 4.10
netpbm

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References