CVE-2009-4274: Buffer Overflow
First published: Fri Dec 11 2009(Updated: )
Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/netpbm | <0:10.35.58-8.el4 | 0:10.35.58-8.el4 |
| redhat/netpbm | <0:10.35.58-8.el5_7.3 | 0:10.35.58-8.el5_7.3 |
| Netpbm | =10.0 | |
| Netpbm | =10.1 | |
| Netpbm | =10.2 | |
| Netpbm | =10.3 | |
| Netpbm | =10.4 | |
| Netpbm | =10.5 | |
| Netpbm | =10.6 | |
| Netpbm | =10.7 | |
| Netpbm | =10.8 | |
| Netpbm | =10.9 | |
| Netpbm | =10.10 | |
| Netpbm | =10.11 | |
| Netpbm | =10.12 | |
| Netpbm | =10.13 | |
| Netpbm | =10.14 | |
| Netpbm | =10.15 | |
| Netpbm | =10.16 | |
| Netpbm | =10.17 | |
| Netpbm | =10.18 | |
| Netpbm | =10.19 | |
| Netpbm | =10.20 | |
| Netpbm | =10.21 | |
| Netpbm | =10.22 | |
| Netpbm | =10.23 | |
| Netpbm | =10.24 | |
| Netpbm | =10.25 | |
| Netpbm | =10.26 | |
| Netpbm | =10.27 | |
| Netpbm | =10.28 | |
| Netpbm | =10.29 | |
| Netpbm | =10.30 | |
| Netpbm | =10.31 | |
| Netpbm | =10.32 | |
| Netpbm | =10.33 | |
| Netpbm | =10.34 | |
| Netpbm | =10.35.00 | |
| Netpbm | =10.35.01 | |
| Netpbm | =10.35.02 | |
| Netpbm | =10.35.03 | |
| Netpbm | =10.35.04 | |
| Netpbm | =10.35.05 | |
| Netpbm | =10.35.06 | |
| Netpbm | =10.35.07 | |
| Netpbm | =10.35.08 | |
| Netpbm | =10.35.09 | |
| Netpbm | =10.35.10 | |
| Netpbm | =10.35.11 | |
| Netpbm | =10.35.12 | |
| Netpbm | =10.35.13 | |
| Netpbm | =10.35.14 | |
| Netpbm | =10.35.15 | |
| Netpbm | =10.35.16 | |
| Netpbm | =10.35.17 | |
| Netpbm | =10.35.18 | |
| Netpbm | =10.35.19 | |
| Netpbm | =10.35.20 | |
| Netpbm | =10.35.21 | |
| Netpbm | =10.35.22 | |
| Netpbm | =10.35.23 | |
| Netpbm | =10.35.24 | |
| Netpbm | =10.35.25 | |
| Netpbm | =10.35.26 | |
| Netpbm | =10.35.27 | |
| Netpbm | =10.35.28 | |
| Netpbm | =10.35.29 | |
| Netpbm | =10.35.30 | |
| Netpbm | =10.35.31 | |
| Netpbm | =10.35.32 | |
| Netpbm | =10.35.33 | |
| Netpbm | =10.35.34 | |
| Netpbm | =10.35.35 | |
| Netpbm | =10.35.36 | |
| Netpbm | =10.35.37 | |
| Netpbm | =10.35.38 | |
| Netpbm | =10.35.39 | |
| Netpbm | =10.35.40 | |
| Netpbm | =10.35.41 | |
| Netpbm | =10.35.42 | |
| Netpbm | =10.35.43 | |
| Netpbm | =10.35.44 | |
| Netpbm | =10.35.45 | |
| Netpbm | =10.35.46 | |
| Netpbm | =10.35.47 | |
| Netpbm | =10.36.00 | |
| Netpbm | =10.37.00 | |
| Netpbm | =10.38.00 | |
| Netpbm | =10.39.00 | |
| Netpbm | =10.40.00 | |
| Netpbm | =10.41.00 | |
| Netpbm | =10.42.00 | |
| Netpbm | =10.43.00 | |
| Netpbm | =10.44.00 | |
| Netpbm | =10.45.00 | |
| Netpbm | =10.46.00 | |
| Netpbm | =10.47.00 | |
| Netpbm | =10.47.01 | |
| Netpbm | =10.47.02 | |
| Netpbm | =10.47.03 | |
| Netpbm | =10.47.04 | |
| Netpbm | =10.47.05 | |
| Netpbm | =10.47.06 | |
| =10.0 | ||
| =10.1 | ||
| =10.2 | ||
| =10.3 | ||
| =10.4 | ||
| =10.5 | ||
| =10.6 | ||
| =10.7 | ||
| =10.8 | ||
| =10.9 | ||
| =10.10 | ||
| =10.11 | ||
| =10.12 | ||
| =10.13 | ||
| =10.14 | ||
| =10.15 | ||
| =10.16 | ||
| =10.17 | ||
| =10.18 | ||
| =10.19 | ||
| =10.20 | ||
| =10.21 | ||
| =10.22 | ||
| =10.23 | ||
| =10.24 | ||
| =10.25 | ||
| =10.26 | ||
| =10.27 | ||
| =10.28 | ||
| =10.29 | ||
| =10.30 | ||
| =10.31 | ||
| =10.32 | ||
| =10.33 | ||
| =10.34 | ||
| =10.35.00 | ||
| =10.35.01 | ||
| =10.35.02 | ||
| =10.35.03 | ||
| =10.35.04 | ||
| =10.35.05 | ||
| =10.35.06 | ||
| =10.35.07 | ||
| =10.35.08 | ||
| =10.35.09 | ||
| =10.35.10 | ||
| =10.35.11 | ||
| =10.35.12 | ||
| =10.35.13 | ||
| =10.35.14 | ||
| =10.35.15 | ||
| =10.35.16 | ||
| =10.35.17 | ||
| =10.35.18 | ||
| =10.35.19 | ||
| =10.35.20 | ||
| =10.35.21 | ||
| =10.35.22 | ||
| =10.35.23 | ||
| =10.35.24 | ||
| =10.35.25 | ||
| =10.35.26 | ||
| =10.35.27 | ||
| =10.35.28 | ||
| =10.35.29 | ||
| =10.35.30 | ||
| =10.35.31 | ||
| =10.35.32 | ||
| =10.35.33 | ||
| =10.35.34 | ||
| =10.35.35 | ||
| =10.35.36 | ||
| =10.35.37 | ||
| =10.35.38 | ||
| =10.35.39 | ||
| =10.35.40 | ||
| =10.35.41 | ||
| =10.35.42 | ||
| =10.35.43 | ||
| =10.35.44 | ||
| =10.35.45 | ||
| =10.35.46 | ||
| =10.35.47 | ||
| =10.36.00 | ||
| =10.37.00 | ||
| =10.38.00 | ||
| =10.39.00 | ||
| =10.40.00 | ||
| =10.41.00 | ||
| =10.42.00 | ||
| =10.43.00 | ||
| =10.44.00 | ||
| =10.45.00 | ||
| =10.46.00 | ||
| =10.47.00 | ||
| =10.47.01 | ||
| =10.47.02 | ||
| =10.47.03 | ||
| =10.47.04 | ||
| =10.47.05 | ||
| =10.47.06 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/38164
- https://bugzilla.redhat.com/show_bug.cgi?id=546580
- http://www.openwall.com/lists/oss-security/2010/02/09/11
- http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/doc/HISTORY?view=markup
- http://netpbm.svn.sourceforge.net/viewvc/netpbm/stable/converter/ppm/xpmtoppm.c?view=patch&r1=995&r2=1076&pathrev=1076
- http://www.vupen.com/english/advisories/2010/0358
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:039
- http://secunia.com/advisories/38530
- http://secunia.com/advisories/38915
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://www.vupen.com/english/advisories/2010/0780
- http://www.debian.org/security/2010/dsa-2026
- http://www.redhat.com/support/errata/RHSA-2011-1811.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56207
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=377777&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=377777&action=edit
- https://access.redhat.com/security/cve/CVE-2009-4274
- https://rhn.redhat.com/errata/RHSA-2011-1811.html
- https://www.cve.org/CVERecord?id=CVE-2009-4274 https://nvd.nist.gov/vuln/detail/CVE-2009-4274
- https://access.redhat.com/errata/RHSA-2011:1811
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4274.json
Frequently Asked Questions
What is the severity of CVE-2009-4274?
CVE-2009-4274 has a severity rating that may allow attackers to cause denial of service or potentially execute arbitrary code.
How do I fix CVE-2009-4274?
To fix CVE-2009-4274, update to a version of netpbm that is 10.47.07 or later.
Which software versions are affected by CVE-2009-4274?
CVE-2009-4274 affects netpbm versions prior to 10.47.07.
What type of vulnerability is CVE-2009-4274?
CVE-2009-4274 is a stack-based buffer overflow vulnerability.
Can CVE-2009-4274 lead to application crashes?
Yes, CVE-2009-4274 can cause application crashes due to its buffer overflow nature.
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-4274
- agent/first-publish-date
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/redhat-cve
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-api
- source/NVD
- package-manager/redhat
- vendor/netpbm
- canonical/netpbm
- version/netpbm/10.0
- version/netpbm/10.1
- version/netpbm/10.2
- version/netpbm/10.3
- version/netpbm/10.4
- version/netpbm/10.5
- version/netpbm/10.6
- version/netpbm/10.7
- version/netpbm/10.8
- version/netpbm/10.9
- version/netpbm/10.10
- version/netpbm/10.11
- version/netpbm/10.12
- version/netpbm/10.13
- version/netpbm/10.14
- version/netpbm/10.15
- version/netpbm/10.16
- version/netpbm/10.17
- version/netpbm/10.18
- version/netpbm/10.19
- version/netpbm/10.20
- version/netpbm/10.21
- version/netpbm/10.22
- version/netpbm/10.23
- version/netpbm/10.24
- version/netpbm/10.25
- version/netpbm/10.26
- version/netpbm/10.27
- version/netpbm/10.28
- version/netpbm/10.29
- version/netpbm/10.30
- version/netpbm/10.31
- version/netpbm/10.32
- version/netpbm/10.33
- version/netpbm/10.34
- version/netpbm/10.35.00
- version/netpbm/10.35.01
- version/netpbm/10.35.02
- version/netpbm/10.35.03
- version/netpbm/10.35.04
- version/netpbm/10.35.05
- version/netpbm/10.35.06
- version/netpbm/10.35.07
- version/netpbm/10.35.08
- version/netpbm/10.35.09
- version/netpbm/10.35.10
- version/netpbm/10.35.11
- version/netpbm/10.35.12
- version/netpbm/10.35.13
- version/netpbm/10.35.14
- version/netpbm/10.35.15
- version/netpbm/10.35.16
- version/netpbm/10.35.17
- version/netpbm/10.35.18
- version/netpbm/10.35.19
- version/netpbm/10.35.20
- version/netpbm/10.35.21
- version/netpbm/10.35.22
- version/netpbm/10.35.23
- version/netpbm/10.35.24
- version/netpbm/10.35.25
- version/netpbm/10.35.26
- version/netpbm/10.35.27
- version/netpbm/10.35.28
- version/netpbm/10.35.29
- version/netpbm/10.35.30
- version/netpbm/10.35.31
- version/netpbm/10.35.32
- version/netpbm/10.35.33
- version/netpbm/10.35.34
- version/netpbm/10.35.35
- version/netpbm/10.35.36
- version/netpbm/10.35.37
- version/netpbm/10.35.38
- version/netpbm/10.35.39
- version/netpbm/10.35.40
- version/netpbm/10.35.41
- version/netpbm/10.35.42
- version/netpbm/10.35.43
- version/netpbm/10.35.44
- version/netpbm/10.35.45
- version/netpbm/10.35.46
- version/netpbm/10.35.47
- version/netpbm/10.36.00
- version/netpbm/10.37.00
- version/netpbm/10.38.00
- version/netpbm/10.39.00
- version/netpbm/10.40.00
- version/netpbm/10.41.00
- version/netpbm/10.42.00
- version/netpbm/10.43.00
- version/netpbm/10.44.00
- version/netpbm/10.45.00
- version/netpbm/10.46.00
- version/netpbm/10.47.00
- version/netpbm/10.47.01
- version/netpbm/10.47.02
- version/netpbm/10.47.03
- version/netpbm/10.47.04
- version/netpbm/10.47.05
- version/netpbm/10.47.06