Описание
Security update for netpbm
This update for netpbm fixes the following issues:
Security bugs:
- CVE-2017-2586: A NULL pointer dereference in stringToUint function could lead to a denial of service (abort) problem when processing malformed images. [bsc#1024292]
- CVE-2017-2581: A out-of-bounds write in writeRasterPbm() could be used by attackers to crash the decoder or potentially execute code. [bsc#1024287]
- CVE-2017-2587: A insufficient size check of memory allocation in createCanvas() function could be used for a denial of service attack (memory exhaustion) [bsc#1024294]
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.2
libnetpbm-devel-10.66.3-8.3.1
libnetpbm11-10.66.3-8.3.1
libnetpbm11-32bit-10.66.3-8.3.1
netpbm-10.66.3-8.3.1
Ссылки
- E-Mail link for openSUSE-SU-2017:1698-1
- SUSE Security Ratings
Описание
An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.
Затронутые продукты
openSUSE Leap 42.2:libnetpbm-devel-10.66.3-8.3.1
openSUSE Leap 42.2:libnetpbm11-10.66.3-8.3.1
openSUSE Leap 42.2:libnetpbm11-32bit-10.66.3-8.3.1
openSUSE Leap 42.2:netpbm-10.66.3-8.3.1
Ссылки
- CVE-2017-2581
- SUSE Bug 1024287
Описание
A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.
Затронутые продукты
openSUSE Leap 42.2:libnetpbm-devel-10.66.3-8.3.1
openSUSE Leap 42.2:libnetpbm11-10.66.3-8.3.1
openSUSE Leap 42.2:libnetpbm11-32bit-10.66.3-8.3.1
openSUSE Leap 42.2:netpbm-10.66.3-8.3.1
Ссылки
- CVE-2017-2586
- SUSE Bug 1024287
- SUSE Bug 1024292
Описание
A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.
Затронутые продукты
openSUSE Leap 42.2:libnetpbm-devel-10.66.3-8.3.1
openSUSE Leap 42.2:libnetpbm11-10.66.3-8.3.1
openSUSE Leap 42.2:libnetpbm11-32bit-10.66.3-8.3.1
openSUSE Leap 42.2:netpbm-10.66.3-8.3.1
Ссылки
- CVE-2017-2587
- SUSE Bug 1024287
- SUSE Bug 1024294