Bug#1140183: Bug#1140182: netpbm: stack-based buffer overflow in imgtoppm via unbounded atoi()/fread() chunk length (CWE-121)
Andreas Metzler
ametzler at bebt.de
Wed Jun 17 18:01:24 BST 2026
On 2026-06-16 Maram Sai Harsha Vardhan Reddy <maramsaiharsha24 at gmail.com> wrote:
> Package: netpbm
> Version: 2:11.13.03+ds-2
> Severity: important
> Tags: security patch
> Dear Maintainer,
> imgtoppm (/usr/bin/imgtoppm) contains a stack-based buffer overflow
> (CWE-121 / CWE-787) reachable from a single untrusted input file, with no
> authentication or user interaction.
[...]
Hello,
did you already contact netpbm upstream about this bug and #1140183?
cu Andreas
--
"You people are noisy," Nia said.
I made the gesture of agreement.