Security update for netpbm
This update for netpbm fixes the following issues:
Security bugs:
* CVE-2017-2586: A NULL pointer dereference in stringToUint function could lead to a denial of service (abort) problem when processing malformed images. [bsc#1024292]
* CVE-2017-2581: A out-of-bounds write in writeRasterPbm() could be used by attackers to crash the decoder or potentially execute code. [bsc#1024287]
* CVE-2017-2587: A insufficient size check of memory allocation in createCanvas() function could be used for a denial of service attack (memory exhaustion) [bsc#1024294]
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Petr Gajdos (pgajdos)
Fixed bugs
bnc#1024294
VUL-1: CVE-2017-2587: netpbm: Insufficient size check of memory allocation in createCanvas() function
bnc#1024287
VUL-0: CVE-2017-2581: netpbm: Out-of-bounds write in writeRasterPbm()
bnc#1024292
VUL-1: CVE-2017-2586: netpbm: Null pointer dereference in stringToUint function
