CVE-2005-2978

NameCVE-2005-2978
Descriptionpnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-878-1
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
netpbm-free (PTS)wheezy2:10.0-15fixed
jessie2:10.0-15.2fixed
buster, sid, stretch2:10.0-15.3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
netpbm-freesource(unstable)2:10.0-10high
netpbm-freesourcesarge2:10.0-8sarge1highDSA-878-1
netpbm-freesourcewoody(not affected)DSA-878-1

Search for package or bug name: Reporting problems