File _patchinfo of Package patchinfo.4947

<patchinfo incident="4947">
  <issue id="1024294" tracker="bnc">VUL-1: CVE-2017-2587: netpbm: Insufficient size check of memory allocation in createCanvas() function</issue>
  <issue id="1024287" tracker="bnc">VUL-0: CVE-2017-2581: netpbm: Out-of-bounds write in writeRasterPbm()</issue>
  <issue id="1024292" tracker="bnc">VUL-1: CVE-2017-2586: netpbm: Null pointer dereference in stringToUint function</issue>
  <issue id="2017-2581" tracker="cve" />
  <issue id="2017-2587" tracker="cve" />
  <issue id="2017-2586" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for netpbm fixes the following issues:

Security bugs:
* CVE-2017-2586: A NULL pointer dereference in the stringToUint function could lead to a denial of service (abort) when processing malformed images. [bsc#1024292]
* CVE-2017-2581: An out-of-bounds write in writeRasterPbm() could be used by attackers to crash the decoder or potentially execute code. [bsc#1024287]
* CVE-2017-2587: An insufficient size check of memory allocation in the createCanvas() function could be used for a denial of service attack (memory exhaustion). [bsc#1024294]
</description>
  <summary>Security update for netpbm</summary>
</patchinfo>