CVE-2009-4274

Publication date 12 February 2010

Last updated 24 July 2024

Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
netpbm-free	10.04 LTS lucid	Fixed 2:10.0-12.1ubuntu1
	9.10 karmic	Fixed 2:10.0-12ubuntu1.1
	9.04 jaunty	Fixed 2:10.0-12ubuntu0.9.04.1
	8.10 intrepid	Fixed 2:10.0-12ubuntu0.8.10.1
	8.04 LTS hardy	Fixed 2:10.0-11.1ubuntu0.1
	6.06 LTS dapper	Ignored end of life

Notes

kees

stack protection in Edgy and later makes this a DoS only.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
netpbm-free	Upstream: http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076

CVE-2009-4274

Status

Notes

kees

Patch details

References

Related Ubuntu Security Notices (USN)

Other references