fkie_cve-2009-4274
Vulnerability from fkie_nvd
Published: 2010-02-12 21:30
Modified: 2025-04-11 00:51
Summary
Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.
References
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
secalert@redhat.com http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076
secalert@redhat.com http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup
secalert@redhat.com http://secunia.com/advisories/38530
secalert@redhat.com http://secunia.com/advisories/38915
secalert@redhat.com http://www.debian.org/security/2010/dsa-2026
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2010:039
secalert@redhat.com http://www.openwall.com/lists/oss-security/2010/02/09/11
secalert@redhat.com http://www.redhat.com/support/errata/RHSA-2011-1811.html
secalert@redhat.com http://www.securityfocus.com/bid/38164
secalert@redhat.com http://www.vupen.com/english/advisories/2010/0358 [Vendor Advisory]
secalert@redhat.com http://www.vupen.com/english/advisories/2010/0780
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=546580
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/56207
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
af854a3a-2127-422b-91ae-364da2661108 http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076
af854a3a-2127-422b-91ae-364da2661108 http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/38530
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/38915
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2010/dsa-2026
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2010:039
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2010/02/09/11
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2011-1811.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/38164
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/0358 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/0780
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=546580
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/56207
Impacted products
Vendor Product Version
netpbm netpbm 10.0
netpbm netpbm 10.1
netpbm netpbm 10.2
netpbm netpbm 10.3
netpbm netpbm 10.4
netpbm netpbm 10.5
netpbm netpbm 10.6
netpbm netpbm 10.7
netpbm netpbm 10.8
netpbm netpbm 10.9
netpbm netpbm 10.10
netpbm netpbm 10.11
netpbm netpbm 10.12
netpbm netpbm 10.13
netpbm netpbm 10.14
netpbm netpbm 10.15
netpbm netpbm 10.16
netpbm netpbm 10.17
netpbm netpbm 10.18
netpbm netpbm 10.19
netpbm netpbm 10.20
netpbm netpbm 10.21
netpbm netpbm 10.22
netpbm netpbm 10.23
netpbm netpbm 10.24
netpbm netpbm 10.25
netpbm netpbm 10.26
netpbm netpbm 10.27
netpbm netpbm 10.28
netpbm netpbm 10.29
netpbm netpbm 10.30
netpbm netpbm 10.31
netpbm netpbm 10.32
netpbm netpbm 10.33
netpbm netpbm 10.34
netpbm netpbm 10.35.00
netpbm netpbm 10.35.01
netpbm netpbm 10.35.02
netpbm netpbm 10.35.03
netpbm netpbm 10.35.04
netpbm netpbm 10.35.05
netpbm netpbm 10.35.06
netpbm netpbm 10.35.07
netpbm netpbm 10.35.08
netpbm netpbm 10.35.09
netpbm netpbm 10.35.10
netpbm netpbm 10.35.11
netpbm netpbm 10.35.12
netpbm netpbm 10.35.13
netpbm netpbm 10.35.14
netpbm netpbm 10.35.15
netpbm netpbm 10.35.16
netpbm netpbm 10.35.17
netpbm netpbm 10.35.18
netpbm netpbm 10.35.19
netpbm netpbm 10.35.20
netpbm netpbm 10.35.21
netpbm netpbm 10.35.22
netpbm netpbm 10.35.23
netpbm netpbm 10.35.24
netpbm netpbm 10.35.25
netpbm netpbm 10.35.26
netpbm netpbm 10.35.27
netpbm netpbm 10.35.28
netpbm netpbm 10.35.29
netpbm netpbm 10.35.30
netpbm netpbm 10.35.31
netpbm netpbm 10.35.32
netpbm netpbm 10.35.33
netpbm netpbm 10.35.34
netpbm netpbm 10.35.35
netpbm netpbm 10.35.36
netpbm netpbm 10.35.37
netpbm netpbm 10.35.38
netpbm netpbm 10.35.39
netpbm netpbm 10.35.40
netpbm netpbm 10.35.41
netpbm netpbm 10.35.42
netpbm netpbm 10.35.43
netpbm netpbm 10.35.44
netpbm netpbm 10.35.45
netpbm netpbm 10.35.46
netpbm netpbm 10.35.47
netpbm netpbm 10.36.00
netpbm netpbm 10.37.00
netpbm netpbm 10.38.00
netpbm netpbm 10.39.00
netpbm netpbm 10.40.00
netpbm netpbm 10.41.00
netpbm netpbm 10.42.00
netpbm netpbm 10.43.00
netpbm netpbm 10.44.00
netpbm netpbm 10.45.00
netpbm netpbm 10.46.00
netpbm netpbm 10.47.00
netpbm netpbm 10.47.01
netpbm netpbm 10.47.02
netpbm netpbm 10.47.03
netpbm netpbm 10.47.04
netpbm netpbm 10.47.05
netpbm netpbm 10.47.06



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79F02C3-950F-4D47-971A-3C1367F1642C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0344253A-AF59-499B-81DF-5494A34B115F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7297482-7D30-484A-8F8D-AFEA2E468725",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BA3D19-C291-468E-9E4E-E8374AE1BD32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "85CF9240-FAEE-4BA2-8374-8B81F738521A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "45457716-9219-4A88-A824-B45FA16643D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "93A0526D-918E-4FAE-90AF-2BA49F9D5276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD350ED-1327-483A-BF73-02AB9924EDED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C11849-BCD4-4982-A779-435669BD668F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C94984E9-22EE-4B24-AFCB-52137A871117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "23B10069-89E1-4E63-BCFF-C210CE3C5655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC42B061-EB8E-49B4-B041-42B31672C42D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAE142A-4F71-4452-8DAD-9D6BA11EBF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "179366EE-D637-4345-8759-81D5E12EFFA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "725CFC44-43C8-47FF-9935-FA006B6338FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A331F93-08C2-4F45-98AD-46DBE38A9785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEFB0157-CF91-4FCB-8786-4024595B3EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "92045C29-20B4-46D0-9643-491BB0642D12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "148A51ED-1A00-45D3-934E-96CA2759F5A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "77BE0692-E688-4438-98C7-FA1FCE05F41C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "1904CB89-F576-4DFF-9639-9263D0ADE0B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "50D11F39-3B4F-43E4-AC5E-E1B5931BCBB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "97023E9B-520D-4E6F-BA7F-052BA89BF2E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "93A152B4-8483-4874-88C0-4679831BB60E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBAE4A7-B0E1-4E50-8775-CAEF3E49B7EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDE78BA1-4001-4676-8BCB-FBC081A5D733",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF606C17-AD8A-4D81-AB55-50B0C4B7763F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "906047FD-1D75-4F97-977D-2A22A1DC87B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA92693-6629-4A8D-9C54-418569C852F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "F078E1C6-3FB7-415B-A49A-455BE55148B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F97984A-04F4-4F69-B03B-D06FD0F21EE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "53FB010A-9B82-41F9-9DDB-4DCC0BFA0365",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "07292430-0952-4E40-9012-1DD5709D2F9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "019C4B30-4F04-4068-80B1-884F9607EC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "F74038FE-C361-415B-AC47-744D3792E707",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A6B8C20-2603-4BC6-A9C5-363E45B86492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "16998237-B53D-4E6C-B2E7-3C17BE483780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "4998E602-7E72-4ED9-806F-2DF117827F24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A01D9E5-14BD-416D-8363-278FBA991BE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B55BD5-0E1C-4A13-965C-BAFBE480C384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC498C66-4E32-4E4B-9BB0-3943CB963BC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF4F989C-B9AF-4A0D-A39E-A9405E38229F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FCC7D4D-09B1-4063-9FE8-F88032B91FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF8AB55-8A95-47CD-960A-E9A920632B51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB45C9DA-9503-4F5C-8079-0C47E778EAB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B1D6ABC-D56F-4484-90D0-45CD3E7B682C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B48121BF-EDA1-4EAD-B24B-7BAF6668D4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E079966-8423-4638-8A55-BC9F2412D4E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BE5E653-3B78-4DCE-9FE8-1126FC18D8B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D339F6D7-9E9A-46C2-9823-E534F3BEBDC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "A829E428-77AA-4B8F-B4E6-BB89F0054F20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6470755-BE74-49FB-B4C7-6869FB33A096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FEFA0BB-1542-4A88-BC95-A60AAEF90D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "090C90E2-D688-44C2-88D7-E40F7D919FA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "675512A2-6E2A-46BA-9237-114B4EA6248F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "185FF47F-321E-4D26-893D-BB4F4B532670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "B402DB46-6103-4428-B6BF-9263D9270EE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "599D4BAC-1266-4A30-A4C5-4BA13EC47F62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "23241E2B-21B9-4C97-B865-5C3652C27401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A40DC0-AE35-4597-8A55-D5022289435E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "C12B85A1-5607-4037-A362-0270EF710514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B39A1A-DC18-413E-A869-9D6C7C77BF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F62F30D-F8D9-4B47-9CFC-8F54B3F589C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "89B0ACB2-FE13-4145-8EAE-9D6FB7FEDD60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "0253F8B8-346C-40F0-9225-4593EAF39861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "2411D682-BEB2-41E0-B211-4E8EA0E551C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "97036446-8A06-4AB6-842B-2186A88FBB1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9F56AC-906E-4713-83ED-79A8673F59BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "A77A17C7-C323-4182-A099-BB3E92BF12D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "82DB51EA-A050-417A-8603-97BD33ACB9B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "48468D84-76E9-476D-8470-3950C8281118",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "7472AD57-68B3-43BE-95D4-F21D39708A4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA0C21F-DB95-43D9-B7B2-B076043828E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "3658F6EA-E897-4A24-AD82-F3EBD4567D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "F887C654-43D9-4374-88D8-DCA800B7F449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "34001491-58AD-4F6C-9159-C27671EA1574",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "347D3197-1915-4417-B72D-0C23BEFBAA32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "0256E7B3-E119-41A4-B49D-4C08D364C22C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EA3DD4D-28E0-4266-9024-A4DFF832512E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FAFCFB-0D3F-4906-ADCE-BF7F06167692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB184F25-C4ED-4655-B79D-6B00E22F9097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "43FC34D4-576B-46D6-B13C-EE17C0A5AAE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.35.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "0618AF8A-0927-45CC-8BF5-93B1083B8147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.36.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A715086-7459-4E99-8936-49F77323D17C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.37.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "979690E7-827E-4131-A3CD-235340A2FC2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.38.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD21B69B-5500-4130-9603-F46998AC7D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.39.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E222667-1825-4377-AD6E-5C88979CD5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.40.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA2DCC3-007C-4EA4-BD2B-18C776D3CBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.41.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5A9A4DD-FCE5-4585-97A5-F91120F9F2D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.42.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8E6AAC-2DFD-4E6F-BAFA-FC002E7FBF78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.43.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C739F6A-7DA4-4069-827D-B78DA08E4C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.44.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BE3C40-8066-4C41-A566-F89236D5F112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.45.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66AB52D-ECF8-4D0E-906F-7FA1AC41CD84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.46.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11B4771-81FF-4FA4-AB56-0BD51AFF10D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.47.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15E831F-F5FB-487F-9359-A7188C2206BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.47.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "756FB7A1-2FD3-40A6-B992-5D5FF0E6A736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.47.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CEA68F-46F0-4795-9839-D961FC1A394F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.47.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A6F7C0A-FF13-4C64-B9D3-5E71FCF87813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.47.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "B20DFC28-0489-404A-8783-DCA6157EACCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.47.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "533419D8-A51D-4C51-A898-7E9068722FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netpbm:netpbm:10.47.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "E141EBC6-830D-4ADD-8D03-DB528FF3E117",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en converter/ppm/xpmtoppm.c en netpbm anterior a v10.47.07, permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio(ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo de imagen XPM que contiene un campo de cabecera (header) manipulado asociado con un valor alto del \u00edndice de color."
    }
  ],
  "id": "CVE-2009-4274",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-02-12T21:30:00.533",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch\u0026r1=995\u0026r2=1076\u0026pathrev=1076"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38530"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38915"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2026"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:039"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/02/09/11"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/38164"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0358"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0780"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546580"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch\u0026r1=995\u0026r2=1076\u0026pathrev=1076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/02/09/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-1811.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/38164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=546580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56207"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4274\n\nThe Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/",
      "lastModified": "2010-02-17T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

