Описание
Security update for netpbm
This update for netpbm fixes the following issues:
- CVE-2017-5849: Fixed out-of-bound read and write issue that can occur in function putgreytile() and put1bitbwtile() (bsc#1022790, bsc#1022791).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
libnetpbm11-10.66.3-8.10.1
libnetpbm11-32bit-10.66.3-8.10.1
netpbm-10.66.3-8.10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libnetpbm11-10.66.3-8.10.1
libnetpbm11-32bit-10.66.3-8.10.1
netpbm-10.66.3-8.10.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libnetpbm-devel-10.66.3-8.10.1
Ссылки
- Link for SUSE-SU-2024:0434-1
- E-Mail link for SUSE-SU-2024:0434-1
- SUSE Security Ratings
- SUSE Bug 1022790
- SUSE Bug 1022791
- SUSE CVE CVE-2017-5849 page
Описание
tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:libnetpbm11-10.66.3-8.10.1
SUSE Linux Enterprise Server 12 SP5:libnetpbm11-32bit-10.66.3-8.10.1
SUSE Linux Enterprise Server 12 SP5:netpbm-10.66.3-8.10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libnetpbm11-10.66.3-8.10.1
Ссылки
- CVE-2017-5849
- SUSE Bug 1022790
- SUSE Bug 1022791