Vulnerability Description
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netpbm | Netpbm | 10.0 |
References
- http://secunia.com/advisories/17221
- http://secunia.com/advisories/17222
- http://secunia.com/advisories/17256
- http://secunia.com/advisories/17265
- http://secunia.com/advisories/17282
- http://secunia.com/advisories/17357
- http://securitytracker.com/id?1015071
- http://www.debian.org/security/2005/dsa-878
- http://www.gentoo.org/security/en/glsa/glsa-200510-18.xml
- http://www.novell.com/linux/security/advisories/2005_24_sr.html
- http://www.redhat.com/support/errata/RHSA-2005-793.htmlVendor Advisory
- http://www.securityfocus.com/bid/15128
- http://www.vupen.com/english/advisories/2005/2133
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168278ExploitVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2005-2978?
CVE-2005-2978 is a vulnerability with a CVSS score of 7.5 (HIGH). pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might ...
How severe is CVE-2005-2978?
CVE-2005-2978 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2978?
Check the references section above for vendor advisories and patch information. Affected products include: Netpbm Netpbm.