Описание
Security update for netpbm
This update for netpbm fixes the following issues:
- CVE-2017-5849: Fixed out-of-bound read and write issue that can occur in function putgreytile() and put1bitbwtile() (bsc#1022790, bsc#1022791).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP5
libnetpbm11-10.80.1-150000.3.14.1
netpbm-10.80.1-150000.3.14.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
libnetpbm-devel-10.80.1-150000.3.14.1
openSUSE Leap 15.5
libnetpbm-devel-10.80.1-150000.3.14.1
libnetpbm11-10.80.1-150000.3.14.1
libnetpbm11-32bit-10.80.1-150000.3.14.1
netpbm-10.80.1-150000.3.14.1
netpbm-vulnerable-10.80.1-150000.3.14.1
Ссылки
- Link for SUSE-SU-2024:0435-1
- E-Mail link for SUSE-SU-2024:0435-1
- SUSE Security Ratings
- SUSE Bug 1022790
- SUSE Bug 1022791
- SUSE CVE CVE-2017-5849 page
Описание
tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP5:libnetpbm11-10.80.1-150000.3.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP5:netpbm-10.80.1-150000.3.14.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libnetpbm-devel-10.80.1-150000.3.14.1
openSUSE Leap 15.5:libnetpbm-devel-10.80.1-150000.3.14.1
Ссылки
- CVE-2017-5849
- SUSE Bug 1022790
- SUSE Bug 1022791