CVE-2017-2579 — LOW (3.3) — White Hats Nepal

Vulnerability Description

An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution.

CVSS Score

3.3

LOW

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Netpbm Project	Netpbm	10.61.00

Related Weaknesses (CWE)

CWE-125

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00056.html
http://www.securityfocus.com/bid/96714Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579Issue Tracking
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00056.html
http://www.securityfocus.com/bid/96714Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579Issue Tracking

FAQ

What is CVE-2017-2579?

CVE-2017-2579 is a vulnerability with a CVSS score of 3.3 (LOW). An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the applic...

How severe is CVE-2017-2579?

CVE-2017-2579 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-2579?

Check the references section above for vendor advisories and patch information. Affected products include: Netpbm Project Netpbm.